982b343304af76415b9c290f5e72a78230119b32df10c65b44eec0df1b8feae6

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49d907527ee9ac241ad73c09cb5527f3.exe
Size

2.7MB
MD5

49d907527ee9ac241ad73c09cb5527f3
SHA1

8548f550b50c9a038001b78eb1ee56f0b474f5c1
SHA256

982b343304af76415b9c290f5e72a78230119b32df10c65b44eec0df1b8feae6
SHA512

b500e79d2d2e159314abeaef06915a80ba6883abc1168c9e5ec3ebd01e3532b7c1e0a9898b46df377c9d999ff7d16f9ac59d7ce22e651a47aee140c9c944f54d
SSDEEP

49152:fKn9qiEy9tyYL+CW7g6pR9ktBc1+Q4YdxSChG38bDUggR9t:izcC9KHktBcwQDM2YIDULHt

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2736	49d907527ee9ac241ad73c09cb5527f3.exe

Executes dropped EXE 1 IoCs

pid	Process
2736	49d907527ee9ac241ad73c09cb5527f3.exe

Loads dropped DLL 1 IoCs

pid	Process
1944	49d907527ee9ac241ad73c09cb5527f3.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1944-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000900000001225b-10.dat	upx
behavioral1/memory/1944-14-0x00000000038B0000-0x0000000003D97000-memory.dmp	upx
behavioral1/memory/2736-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000900000001225b-15.dat	upx
behavioral1/files/0x000900000001225b-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1944	49d907527ee9ac241ad73c09cb5527f3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1944	49d907527ee9ac241ad73c09cb5527f3.exe
2736	49d907527ee9ac241ad73c09cb5527f3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2736	1944	49d907527ee9ac241ad73c09cb5527f3.exe	22
PID 1944 wrote to memory of 2736	1944	49d907527ee9ac241ad73c09cb5527f3.exe	22
PID 1944 wrote to memory of 2736	1944	49d907527ee9ac241ad73c09cb5527f3.exe	22
PID 1944 wrote to memory of 2736	1944	49d907527ee9ac241ad73c09cb5527f3.exe	22

C:\Users\Admin\AppData\Local\Temp\49d907527ee9ac241ad73c09cb5527f3.exe
"C:\Users\Admin\AppData\Local\Temp\49d907527ee9ac241ad73c09cb5527f3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Temp\49d907527ee9ac241ad73c09cb5527f3.exe
  C:\Users\Admin\AppData\Local\Temp\49d907527ee9ac241ad73c09cb5527f3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\49d907527ee9ac241ad73c09cb5527f3.exe

Filesize
73KB

MD5
cf9db8e897116a7d0edbcbe5c2e029a9

SHA1
5c1b1cb738bd20aaea167f98215343e136a816b1

SHA256
0a83be8f4afd586e112cf627e04a5e1a2f00966ca1643a346be29754c794f1a6

SHA512
cc23ccb9b90762887e952bc79f1cc4b0f35922157edad93257ca5824c1feb71507d2cdefb2b96e943d266e11275924853187537d1d7d440740b0ed359a79f0ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\49d907527ee9ac241ad73c09cb5527f3.exe

Filesize
45KB

MD5
e8e3364a5fcfad0c4fa345240e956979

SHA1
b57a3bc53f189e3a6ad280f294e3fe6d68ae255c

SHA256
bd07dec9731f4120f5b3674a331e6922b1f3f7c8ef01018c5fc745851fdad937

SHA512
728b2f50481d64b1e532c45c28f0c9c0730e7892dd416990dc3e7db1cf8bec73ee4bba2b72d3c0b8581c8e76ac6e9e5813e00cd86f78d4ca0bf47117a325fadf

Download Submit
\Users\Admin\AppData\Local\Temp\49d907527ee9ac241ad73c09cb5527f3.exe

Filesize
61KB

MD5
0c1e801bb9b5dd6d113de8519b06c7ba

SHA1
d3e44964556ee94a55a8f2155cbb982039fc7c02

SHA256
25090c9f7be753aaa055745d0b644947bcd6318d87b033a0577af1da654a1183

SHA512
84eefdd182d5f1450cb7187917f2c5fe0b74bca43e58df154c319953a44542664a8be28742c2b91d9c8e92a01022b6e8ba1a45416858b114e08af417bc8f2ebf

Download Submit
memory/1944-2-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1944-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1944-14-0x00000000038B0000-0x0000000003D97000-memory.dmp

Filesize
4.9MB

Download
memory/1944-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1944-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2736-18-0x00000000002A0000-0x00000000003D1000-memory.dmp

Filesize
1.2MB

Download
memory/2736-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2736-24-0x0000000003510000-0x0000000003732000-memory.dmp

Filesize
2.1MB

Download
memory/2736-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2736-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2736-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download