a36897f495370050926beca0a261fe74d6c3e78ebdd6a066fed6ed9a535c8f64

Analysis

max time kernel
121s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4833c7521d836565edc4d5a2dd5a7b3c.exe
Size

2.7MB
MD5

4833c7521d836565edc4d5a2dd5a7b3c
SHA1

95a687c25147ef02809a1ea3fc33e5978e595305
SHA256

a36897f495370050926beca0a261fe74d6c3e78ebdd6a066fed6ed9a535c8f64
SHA512

e9f78622c0711bcc17831280ea8151ee2e08da9d06b852e4ed29af8de66a5e565fa9b82fef4838b71eb276362568970f72580eb60c51d5fca08d0642f985a8b8
SSDEEP

49152:0/diYDHv6Wrj38mr220svurdSyKWwkHkETaYSONmqMQOwBcfp:01tHxrL8mr220svurNKBkHPR7NtvOw2B

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2688	4833c7521d836565edc4d5a2dd5a7b3c.exe

Executes dropped EXE 1 IoCs

pid	Process
2688	4833c7521d836565edc4d5a2dd5a7b3c.exe

Loads dropped DLL 1 IoCs

pid	Process
3028	4833c7521d836565edc4d5a2dd5a7b3c.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012266-10.dat	upx
behavioral1/files/0x0009000000012266-13.dat	upx
behavioral1/memory/2688-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/3028-15-0x0000000003A30000-0x0000000003F1F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3028	4833c7521d836565edc4d5a2dd5a7b3c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3028	4833c7521d836565edc4d5a2dd5a7b3c.exe
2688	4833c7521d836565edc4d5a2dd5a7b3c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2688	3028	4833c7521d836565edc4d5a2dd5a7b3c.exe	28
PID 3028 wrote to memory of 2688	3028	4833c7521d836565edc4d5a2dd5a7b3c.exe	28
PID 3028 wrote to memory of 2688	3028	4833c7521d836565edc4d5a2dd5a7b3c.exe	28
PID 3028 wrote to memory of 2688	3028	4833c7521d836565edc4d5a2dd5a7b3c.exe	28

C:\Users\Admin\AppData\Local\Temp\4833c7521d836565edc4d5a2dd5a7b3c.exe
"C:\Users\Admin\AppData\Local\Temp\4833c7521d836565edc4d5a2dd5a7b3c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Users\Admin\AppData\Local\Temp\4833c7521d836565edc4d5a2dd5a7b3c.exe
  C:\Users\Admin\AppData\Local\Temp\4833c7521d836565edc4d5a2dd5a7b3c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4833c7521d836565edc4d5a2dd5a7b3c.exe

Filesize
239KB

MD5
2b188ca1c97dabc22c658c1dbc7f6616

SHA1
558d97c8c96d92d8194282198a4c8288024cedac

SHA256
bd25e33be964461b9f18e057304d3332fb4bb427d71e3a5570689e63ee627bc4

SHA512
3f00f5779ea7de6df95482429c610df435b9b9c90d69d361e12c1e7830ff024f480e7d83d37faebaaa01e1381888e1671c1797c15e1ab7f833ffdb8e271778ca

Download Submit
\Users\Admin\AppData\Local\Temp\4833c7521d836565edc4d5a2dd5a7b3c.exe

Filesize
17KB

MD5
2d4b3e14ded142e04ec40bf06d843309

SHA1
e0164844b4f89556ebcaf3d73846922b07ebfc92

SHA256
3087f83650b99e98fe62079c17d08023fcdc9e8d1af83a91050e5cb40f8d1f13

SHA512
6b502849c202332eb816fa4fd5c6dea4520f3b11b3a7a4ee1ccc3ffa98d94672dc65025a0070615b6b8bced2d83c05bb7f9d2bf895fdbdc57641177975a8da1e

Download Submit
memory/2688-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2688-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2688-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2688-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2688-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2688-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3028-3-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/3028-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3028-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3028-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3028-15-0x0000000003A30000-0x0000000003F1F000-memory.dmp

Filesize
4.9MB

Download
memory/3028-31-0x0000000003A30000-0x0000000003F1F000-memory.dmp

Filesize
4.9MB

Download