bc6cfba885b8c5da3cafac49eb739815b3dcefb6a9672a6d8e0b70f6ec83b6c5

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48e7ec0cc2541869e82ff7b3ed89698f.exe
Size

1.5MB
MD5

48e7ec0cc2541869e82ff7b3ed89698f
SHA1

0983ba78d6c543361d0ded38b042038ab94af403
SHA256

bc6cfba885b8c5da3cafac49eb739815b3dcefb6a9672a6d8e0b70f6ec83b6c5
SHA512

0700b0018f0b2819714b5cfde5198ebcea10d7da0debb47e06456419d8ad4b27d4e75aea8d4523cf9fbba167acfeb6d2cac678eca7e7f11eb4b1d89c9b4341ab
SSDEEP

24576:sHAcPduj4BHn0MIuchhyDuCLkZATWJH5I48/ppx9MrW:sgcPduOHn0MfcPyUZATWJZj8h39Mr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1672	48e7ec0cc2541869e82ff7b3ed89698f.exe

Executes dropped EXE 1 IoCs

pid	Process
1672	48e7ec0cc2541869e82ff7b3ed89698f.exe

Loads dropped DLL 1 IoCs

pid	Process
2052	48e7ec0cc2541869e82ff7b3ed89698f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2052-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001224a-10.dat	upx
behavioral1/memory/1672-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2052	48e7ec0cc2541869e82ff7b3ed89698f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2052	48e7ec0cc2541869e82ff7b3ed89698f.exe
1672	48e7ec0cc2541869e82ff7b3ed89698f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 1672	2052	48e7ec0cc2541869e82ff7b3ed89698f.exe	28
PID 2052 wrote to memory of 1672	2052	48e7ec0cc2541869e82ff7b3ed89698f.exe	28
PID 2052 wrote to memory of 1672	2052	48e7ec0cc2541869e82ff7b3ed89698f.exe	28
PID 2052 wrote to memory of 1672	2052	48e7ec0cc2541869e82ff7b3ed89698f.exe	28

C:\Users\Admin\AppData\Local\Temp\48e7ec0cc2541869e82ff7b3ed89698f.exe
"C:\Users\Admin\AppData\Local\Temp\48e7ec0cc2541869e82ff7b3ed89698f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\48e7ec0cc2541869e82ff7b3ed89698f.exe
  C:\Users\Admin\AppData\Local\Temp\48e7ec0cc2541869e82ff7b3ed89698f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\48e7ec0cc2541869e82ff7b3ed89698f.exe

Filesize
1.5MB

MD5
0f85e3c062eeb47b5e56d7c0a5c60cdd

SHA1
9b79bf61075e185a9edc3b225a5d8a9eaa3b4cbd

SHA256
450243f8739bed301fa6e7f594870265f5f3dd8960ce8968e7dec479bb720009

SHA512
59ba28b5bb1b86ccd0d8ba68d7f768626aa413f4a8a4778219e11dad55f6945c438efd128f743da2c44fd8357f2de3e187636156e59ac6bb7bb88a93a363ea8e

Download Submit
memory/1672-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1672-17-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/1672-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1672-24-0x00000000036A0000-0x00000000038CA000-memory.dmp

Filesize
2.2MB

Download
memory/1672-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1672-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2052-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-14-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download