69b9eb080fb0e6266649c13c819b15727f70a4dfd8ff0088a015f9beb5b5b8b9

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

484c505fb1c206794217aef775e645ed.exe
Size

5.3MB
MD5

484c505fb1c206794217aef775e645ed
SHA1

2d92746afaaab0cec725391f7c5e2523e3868056
SHA256

69b9eb080fb0e6266649c13c819b15727f70a4dfd8ff0088a015f9beb5b5b8b9
SHA512

752bdb4fe4c54d09fd698c0c91634e4f9cf17ac0ef484ed68924ff897c1262ef669b31f466297909585d549a2600c6cdc968b5f05190e6d3b1a799006233871f
SSDEEP

98304:KQRndrwtCZG1XTHktBcwQDM2YIDULHsrVZtYP6C1DZ0XHktBcwQDM2YIDULHt:KQRdrwtaUschDHIMrVjYP6C1D+XschDu

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3036	484c505fb1c206794217aef775e645ed.exe

Executes dropped EXE 1 IoCs

pid	Process
3036	484c505fb1c206794217aef775e645ed.exe

Loads dropped DLL 1 IoCs

pid	Process
1712	484c505fb1c206794217aef775e645ed.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1712-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012261-10.dat	upx
behavioral1/files/0x000b000000012261-13.dat	upx
behavioral1/memory/3036-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1712	484c505fb1c206794217aef775e645ed.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1712	484c505fb1c206794217aef775e645ed.exe
3036	484c505fb1c206794217aef775e645ed.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 3036	1712	484c505fb1c206794217aef775e645ed.exe	28
PID 1712 wrote to memory of 3036	1712	484c505fb1c206794217aef775e645ed.exe	28
PID 1712 wrote to memory of 3036	1712	484c505fb1c206794217aef775e645ed.exe	28
PID 1712 wrote to memory of 3036	1712	484c505fb1c206794217aef775e645ed.exe	28

C:\Users\Admin\AppData\Local\Temp\484c505fb1c206794217aef775e645ed.exe
"C:\Users\Admin\AppData\Local\Temp\484c505fb1c206794217aef775e645ed.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Users\Admin\AppData\Local\Temp\484c505fb1c206794217aef775e645ed.exe
  C:\Users\Admin\AppData\Local\Temp\484c505fb1c206794217aef775e645ed.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\484c505fb1c206794217aef775e645ed.exe

Filesize
856KB

MD5
0baf3d2ba2939e5dd5eb8050b11119d4

SHA1
bcdd15b20ce9bda103b412118fd9affcbd266e1b

SHA256
1cb0f73933600d0b2f716b034d564881be56862292ec785e3475e664cdea0b7b

SHA512
ef7774a1b10b1099fa38f393cf2e2984620b43a3009adb4f7983d89ff08f8dd37e15fb1f61a93d3971ab8b7bcc5ff5450d4f0854883f6e8fe432f8ff098951fe

Download Submit
\Users\Admin\AppData\Local\Temp\484c505fb1c206794217aef775e645ed.exe

Filesize
818KB

MD5
a0aae15e3f9a204f2ea58aa86b2f9305

SHA1
704a85a6c7c21e9e453e78b6051483bbc84600ef

SHA256
6ce914ae3a61b9a6298b5ec1f89f582f35a4c4973c54da0458f571691328f16c

SHA512
6aa02bb7c4267721833da8e2a5a08a6d2decef970fe67d4fecce71371c2d782b8d2c57f797103fd169d64102e177290452d33e03912f2c5a43ec266bb07ead00

Download Submit
memory/1712-14-0x0000000003D90000-0x0000000004277000-memory.dmp

Filesize
4.9MB

Download
memory/1712-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1712-1-0x0000000000270000-0x00000000003A1000-memory.dmp

Filesize
1.2MB

Download
memory/1712-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1712-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3036-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3036-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3036-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/3036-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3036-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/3036-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download