6023379efb91da33aaa5280200af8e79a9306ff71aebcfacd4d479878eea1e28

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e3490adb702ae3b86915ffe269d0e78.exe
Size

2.9MB
MD5

4e3490adb702ae3b86915ffe269d0e78
SHA1

e8f7a3718cc5397a0fbf6508a68aa9d3c84f6fcb
SHA256

6023379efb91da33aaa5280200af8e79a9306ff71aebcfacd4d479878eea1e28
SHA512

046a3fbaf288d95a5975351f9ffd138ae3c427c6cd0d4595c8842f5cff20ffbc797f13a4193109e02934b2352efff1cde8d734696a616ec2a35b7a00f1e6f1c3
SSDEEP

49152:Gom1VafO9sHd7wwFu58RiN74NH5HUyNRcUsCVOzetdZJ:81V0d7ww0p4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2224	4e3490adb702ae3b86915ffe269d0e78.exe

Executes dropped EXE 1 IoCs

pid	Process
2224	4e3490adb702ae3b86915ffe269d0e78.exe

Loads dropped DLL 1 IoCs

pid	Process
2232	4e3490adb702ae3b86915ffe269d0e78.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2232-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000015626-13.dat	upx
behavioral1/files/0x000a000000015626-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2232	4e3490adb702ae3b86915ffe269d0e78.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2232	4e3490adb702ae3b86915ffe269d0e78.exe
2224	4e3490adb702ae3b86915ffe269d0e78.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2224	2232	4e3490adb702ae3b86915ffe269d0e78.exe	28
PID 2232 wrote to memory of 2224	2232	4e3490adb702ae3b86915ffe269d0e78.exe	28
PID 2232 wrote to memory of 2224	2232	4e3490adb702ae3b86915ffe269d0e78.exe	28
PID 2232 wrote to memory of 2224	2232	4e3490adb702ae3b86915ffe269d0e78.exe	28

C:\Users\Admin\AppData\Local\Temp\4e3490adb702ae3b86915ffe269d0e78.exe
"C:\Users\Admin\AppData\Local\Temp\4e3490adb702ae3b86915ffe269d0e78.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\4e3490adb702ae3b86915ffe269d0e78.exe
  C:\Users\Admin\AppData\Local\Temp\4e3490adb702ae3b86915ffe269d0e78.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4e3490adb702ae3b86915ffe269d0e78.exe

Filesize
894KB

MD5
24306c6cb0c05f568e15b6ec6398e011

SHA1
472480cf1a2675f8386cdea5fac6736465ae36ef

SHA256
6a5bc5b744db37e6c787de0c834a3c2d67b0b4ee449f958ba9ed2c8bf96047cc

SHA512
7909ccf9ed5d457fa3865cfff21632ebc46f0e2d31c4ec15b8f8cb3c31ec5a05e7777174167c379c10d8fd9a3117187844d36324dd6ba79f50740db3e4ff57e7

Download Submit
\Users\Admin\AppData\Local\Temp\4e3490adb702ae3b86915ffe269d0e78.exe

Filesize
392KB

MD5
6f33e2781774da641cd2b535d31beb2c

SHA1
03594a6d52d1fcff335af885ea2971bd3b28e99b

SHA256
ad075f205c171065b42fe54816e60ff1e3b839dd7397d60a9a1bc299c5af7394

SHA512
3f788a4dbdd84ca44897f452b36a9dd63a010045fae36f85b6a19817fe7fbb415c0fd29a2071eb9aabb8f44b223a8c28a9d0cfb28fb2bc812317c877d486b649

Download Submit
memory/2224-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2224-19-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2224-25-0x0000000003420000-0x000000000364A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2224-17-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2232-15-0x0000000003940000-0x0000000003E2F000-memory.dmp

Filesize
4.9MB

Download
memory/2232-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2232-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2232-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2232-31-0x0000000003940000-0x0000000003E2F000-memory.dmp

Filesize
4.9MB

Download
memory/2232-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download