851a903ecac4c8fa173d52a2d5c94056c4e3e2627dd89696d8f31876ecf6ff24

Analysis

max time kernel
120s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47f508273a8e585f2ba4495696b6d6de.exe
Size

5.8MB
MD5

47f508273a8e585f2ba4495696b6d6de
SHA1

5a0cb0bfc3cb67bcd3b48c25bbf1781a5dc78dbe
SHA256

851a903ecac4c8fa173d52a2d5c94056c4e3e2627dd89696d8f31876ecf6ff24
SHA512

930260e0e88ce065216eee3a58023249007c3a99c58d62eac493b729f311d7f60c537bfcf64b7a84cd5d20604148f2f475326046bdebc8798daaa468767f2865
SSDEEP

98304:kmaLy4UmNn24HBUCczzM3SHAqbatPNmM4HBUCczzM3:kmKy4UmNn9WCWHAq21N2WC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2960	47f508273a8e585f2ba4495696b6d6de.exe

Executes dropped EXE 1 IoCs

pid	Process
2960	47f508273a8e585f2ba4495696b6d6de.exe

Loads dropped DLL 1 IoCs

pid	Process
2412	47f508273a8e585f2ba4495696b6d6de.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2412-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000153ba-10.dat	upx
behavioral1/memory/2960-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000153ba-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2412	47f508273a8e585f2ba4495696b6d6de.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2412	47f508273a8e585f2ba4495696b6d6de.exe
2960	47f508273a8e585f2ba4495696b6d6de.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2960	2412	47f508273a8e585f2ba4495696b6d6de.exe	27
PID 2412 wrote to memory of 2960	2412	47f508273a8e585f2ba4495696b6d6de.exe	27
PID 2412 wrote to memory of 2960	2412	47f508273a8e585f2ba4495696b6d6de.exe	27
PID 2412 wrote to memory of 2960	2412	47f508273a8e585f2ba4495696b6d6de.exe	27

C:\Users\Admin\AppData\Local\Temp\47f508273a8e585f2ba4495696b6d6de.exe
"C:\Users\Admin\AppData\Local\Temp\47f508273a8e585f2ba4495696b6d6de.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Users\Admin\AppData\Local\Temp\47f508273a8e585f2ba4495696b6d6de.exe
  C:\Users\Admin\AppData\Local\Temp\47f508273a8e585f2ba4495696b6d6de.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\47f508273a8e585f2ba4495696b6d6de.exe

Filesize
147KB

MD5
ef558a416e8c9cfa2475804a23ef8952

SHA1
a8fb3ce915f025e58098cf4844ebd3491071f62d

SHA256
eaa3e8e7991663325844f955c8e835aa5aca426f17ee44de5c8c47c3fe2694f2

SHA512
eac758657e6e6d46484d59261d047fc65676ded182c5baf0dbe6890f85dad3aa74a9f0bb6d79bd9b7c27dc5c5b3d761ea020a5ecb1dc9d38e47946045a27e8a3

Download Submit
\Users\Admin\AppData\Local\Temp\47f508273a8e585f2ba4495696b6d6de.exe

Filesize
346KB

MD5
2da63e82bec7761e7854eabfb33d49a4

SHA1
d008bdc12ddff961704fe6d20f917d351f4d592a

SHA256
009f52fd94d56be7030552f759710c26666b3ccedc0bc15bd620c96ba9065237

SHA512
294eb3afb6fd36d0370b1e9f1178c61e6c9a6948dde499afd2aa437e3e2f3cf7666612144cca7b8f875be133f6ae58fe286983456105b1f4c9c97df4f997eb51

Download Submit
memory/2412-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2412-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2412-1-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2412-14-0x0000000003C90000-0x000000000417F000-memory.dmp

Filesize
4.9MB

Download
memory/2412-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2412-31-0x0000000003C90000-0x000000000417F000-memory.dmp

Filesize
4.9MB

Download
memory/2960-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2960-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2960-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2960-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2960-25-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2960-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download