f462f066d0b7ec0d892fb42f33f8b752697c9383d0409eb33d99e4bb2d40ff85

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09-01-2024 09:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e00c74c8bf6b5f1708e320948f4c573.exe
Size

1.5MB
MD5

4e00c74c8bf6b5f1708e320948f4c573
SHA1

60bddc312bbbd89a7758461f08f03b47e0e7603f
SHA256

f462f066d0b7ec0d892fb42f33f8b752697c9383d0409eb33d99e4bb2d40ff85
SHA512

cac9cb0559c956ad5413ea87c9e4477e1637be9abf48f393ee8d133a5ce34089a441f93768cde0c4d14ef2dc57f10824fc2fe92ec7a9e95a2d3b0787db84f801
SSDEEP

24576:rTOtsh6uQB35zxh+O0yVwgskI4/wrvEA1Bow2koSL9s1bW:rTOah6uQBpyOxVwgsHDrvEuBownobb

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2896	4e00c74c8bf6b5f1708e320948f4c573.exe

Executes dropped EXE 1 IoCs

pid	Process
2896	4e00c74c8bf6b5f1708e320948f4c573.exe

Loads dropped DLL 1 IoCs

pid	Process
2188	4e00c74c8bf6b5f1708e320948f4c573.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2188-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012243-14.dat	upx
behavioral1/memory/2896-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012243-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2188	4e00c74c8bf6b5f1708e320948f4c573.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2188	4e00c74c8bf6b5f1708e320948f4c573.exe
2896	4e00c74c8bf6b5f1708e320948f4c573.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2896	2188	4e00c74c8bf6b5f1708e320948f4c573.exe	18
PID 2188 wrote to memory of 2896	2188	4e00c74c8bf6b5f1708e320948f4c573.exe	18
PID 2188 wrote to memory of 2896	2188	4e00c74c8bf6b5f1708e320948f4c573.exe	18
PID 2188 wrote to memory of 2896	2188	4e00c74c8bf6b5f1708e320948f4c573.exe	18

C:\Users\Admin\AppData\Local\Temp\4e00c74c8bf6b5f1708e320948f4c573.exe
"C:\Users\Admin\AppData\Local\Temp\4e00c74c8bf6b5f1708e320948f4c573.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\4e00c74c8bf6b5f1708e320948f4c573.exe
  C:\Users\Admin\AppData\Local\Temp\4e00c74c8bf6b5f1708e320948f4c573.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4e00c74c8bf6b5f1708e320948f4c573.exe

Filesize
93KB

MD5
221494f7433e6123dc6ea551f5f0b3b1

SHA1
3be83309b5178f37b9c51ed91d9b9bc8c132a8cd

SHA256
6f818d1b6e4646b2640dc27172a845303272551158617786ccd1efdb9e9359df

SHA512
543a4cd629025583ed640f1bdc74ec5b08ed005498dae75dfa03a22f0da1628f6d5a114a39442702546b34149e2472849d4f9221a39c02ee879dbeda00792703

Download Submit
\Users\Admin\AppData\Local\Temp\4e00c74c8bf6b5f1708e320948f4c573.exe

Filesize
160KB

MD5
4a7011ed6e2602daa41728c0f2abb0e6

SHA1
4480250678afc3c20442e40fc7f4cef5950774aa

SHA256
29253bec3868aefd4043a082105f6b821c354bfa2a25fd4aa4ba5c3c6215ca68

SHA512
b6ef4cf0e87acd5a1a8d403bca8b7d1f0b443b23b9b86b15b0dfe072532bf7c7110362617a0bc7929ece66169cdc34b6664fcf63e2dfddef22d715ec547945dc

Download Submit
memory/2188-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2188-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2188-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2188-15-0x0000000003640000-0x0000000003B2F000-memory.dmp

Filesize
4.9MB

Download
memory/2188-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2896-19-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/2896-24-0x00000000034D0000-0x00000000036FA000-memory.dmp

Filesize
2.2MB

Download
memory/2896-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2896-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2896-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2896-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download