ac7e6d09082a0330afee877679b03067d5f91e45fc40d1e5467bf924b5692ac2

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 09:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe
Size

10.6MB
MD5

4df0cfe9fcdf8c9fb535cf2d87c6e99d
SHA1

b1d22ad49f522931521df428032236b940f4024b
SHA256

ac7e6d09082a0330afee877679b03067d5f91e45fc40d1e5467bf924b5692ac2
SHA512

bd5974693b505b8dd2d6570c8bf4b7420bb9cba887c73d9e3bb054684d63cf17bb44185206932d46ded2ca3b59dbe26550ef0d44e0c73ce9a7b75c5bb85c537a
SSDEEP

196608:PfcAB8tGXFW1BTtNDZXFWVE5tGGEXFW1BTtNDZXFWD:ncACrNDnhFrNDK

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2712	4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe

Executes dropped EXE 1 IoCs

pid	Process
2712	4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe

Loads dropped DLL 1 IoCs

pid	Process
2800	4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2800-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a00000001225a-10.dat	upx
behavioral1/memory/2712-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a00000001225a-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2800	4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2800	4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe
2712	4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 2712	2800	4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe	28
PID 2800 wrote to memory of 2712	2800	4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe	28
PID 2800 wrote to memory of 2712	2800	4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe	28
PID 2800 wrote to memory of 2712	2800	4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe	28

C:\Users\Admin\AppData\Local\Temp\4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe
"C:\Users\Admin\AppData\Local\Temp\4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Users\Admin\AppData\Local\Temp\4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe
  C:\Users\Admin\AppData\Local\Temp\4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe

Filesize
1.6MB

MD5
970d959fcfffaf8655c8685904c8b2ab

SHA1
c2195dca209dfa55a49e8a2074976a576402be15

SHA256
a9c954bb34f3ef58069fd6c54aa1daf351a82d21215fa07626c5c35ea75e8720

SHA512
e5c6bedbf1f6973dab135edd02fe6d7bf9f716dbc86a2a8b777e3eb81edb9deae9b41520bc036427ca6061eeba0ff6fb0c341858ad25a050f0d0ac7b4ae265ea

Download Submit
\Users\Admin\AppData\Local\Temp\4df0cfe9fcdf8c9fb535cf2d87c6e99d.exe

Filesize
707KB

MD5
383a9e76182086400cf8db7b6159268e

SHA1
813b30586438fdf38f1b1876427edb15eaec1851

SHA256
cc019cf682df9f8f2e39fdca0acec82af7f4057015bd842b137fbe9c22cc9778

SHA512
abb12035b4eec2830558da88963d14d474e3df5a0533b3901f0b17692ff7654ab6d589a2bbd74be2a2e4eaa87e495284bcd8b60ee9a55035f4297fa71702a6c2

Download Submit
memory/2712-24-0x00000000034E0000-0x0000000003702000-memory.dmp

Filesize
2.1MB

Download
memory/2712-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2712-18-0x0000000000270000-0x00000000003A1000-memory.dmp

Filesize
1.2MB

Download
memory/2712-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2712-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2712-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2800-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2800-13-0x0000000004740000-0x0000000004C27000-memory.dmp

Filesize
4.9MB

Download
memory/2800-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2800-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2800-1-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2800-31-0x0000000004740000-0x0000000004C27000-memory.dmp

Filesize
4.9MB

Download