fc47febee87aa418de83c92f12569fa9159cc1076e6896f347eae6e5a676f787

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4af54cee210af8711a3e2a36d11024ed.exe
Size

2.7MB
MD5

4af54cee210af8711a3e2a36d11024ed
SHA1

edba36f807d03f7ae05458bf642187761cf6eae8
SHA256

fc47febee87aa418de83c92f12569fa9159cc1076e6896f347eae6e5a676f787
SHA512

bc1045af0afa9ac1ebda3e9175713d56c218e48898c6df4763933045a126db5c42f3b5ca5c6d8cddb8fc031121865440f0821dfa7f48514480cf82d07af6079c
SSDEEP

49152:5fNgXmHSzy2xal7pc0grQLMR91UKTw9zEzeaxuiluUY9R9j:xYc2AFpR/4H1UKMezXY+cHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2660	4af54cee210af8711a3e2a36d11024ed.exe

Executes dropped EXE 1 IoCs

pid	Process
2660	4af54cee210af8711a3e2a36d11024ed.exe

Loads dropped DLL 1 IoCs

pid	Process
1288	4af54cee210af8711a3e2a36d11024ed.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1288-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0008000000012267-13.dat	upx
behavioral1/files/0x0008000000012267-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1288	4af54cee210af8711a3e2a36d11024ed.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1288	4af54cee210af8711a3e2a36d11024ed.exe
2660	4af54cee210af8711a3e2a36d11024ed.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 2660	1288	4af54cee210af8711a3e2a36d11024ed.exe	28
PID 1288 wrote to memory of 2660	1288	4af54cee210af8711a3e2a36d11024ed.exe	28
PID 1288 wrote to memory of 2660	1288	4af54cee210af8711a3e2a36d11024ed.exe	28
PID 1288 wrote to memory of 2660	1288	4af54cee210af8711a3e2a36d11024ed.exe	28

C:\Users\Admin\AppData\Local\Temp\4af54cee210af8711a3e2a36d11024ed.exe
"C:\Users\Admin\AppData\Local\Temp\4af54cee210af8711a3e2a36d11024ed.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Users\Admin\AppData\Local\Temp\4af54cee210af8711a3e2a36d11024ed.exe
  C:\Users\Admin\AppData\Local\Temp\4af54cee210af8711a3e2a36d11024ed.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4af54cee210af8711a3e2a36d11024ed.exe

Filesize
1.4MB

MD5
fe1a7a80393b7653055d625d5d8e969d

SHA1
112c418597815afb8d1c023147c5e76fa35da60b

SHA256
049e79fc710b799dca5d447e7a69a1ed3685b948dc8892e578a35ddc9226cda8

SHA512
c0e219d278b4dac366ce90f56ad3b694d9d7cf2110c1c22164ed3f2f5b4634b43d8e63cdc40f4a10ba6d1ba91eb6b63cc412579dfd25918342c69d6cc2795a84

Download Submit
\Users\Admin\AppData\Local\Temp\4af54cee210af8711a3e2a36d11024ed.exe

Filesize
1.4MB

MD5
52590ae4c4396ad5259cb60819bb5a37

SHA1
603d1b01122ceed72b729b26646172d09104b506

SHA256
26c9cce2d3794d59cfad41f50e5011570c5b7c85401a36d73f72d9e9cc70a192

SHA512
023de885c112b6db5f65251cdad70e2ba85b699b199ae4dd2e3bb5d83e7e5fffd7f335868bb6bcb68dd0ac717d49b74737630e19a9607313a8b285a7e7e1d277

Download Submit
memory/1288-15-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/1288-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1288-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1288-3-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1288-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1288-32-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2660-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2660-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2660-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2660-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2660-26-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2660-33-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download