57e6e35a64fc68a910ec335d41337f649438d7628f43a6d8d9f3242785f6686d

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e523961878f10508358260aeb9eb02c.exe
Size

1.3MB
MD5

4e523961878f10508358260aeb9eb02c
SHA1

ac78c344fcc513f31590aacd5359cd535a1d9054
SHA256

57e6e35a64fc68a910ec335d41337f649438d7628f43a6d8d9f3242785f6686d
SHA512

b51111fc6aed1351d1982e4a3dbb27797ac34756f3b110bfca4c4a57a9655d604d4e4fe82d23bb74416f4e284025c77aab237d9ced3c36f762bc89dd08210008
SSDEEP

24576:b50Wnt53b4kaDEPI6ZE8zE6lr2R2/QR/PVCiGDjf6upvgdSIc+M8joz2a4Wc:B/3b4TDEPjZTE6lr/QRn9GDD68gLolYp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2296	4e523961878f10508358260aeb9eb02c.exe

Executes dropped EXE 1 IoCs

pid	Process
2296	4e523961878f10508358260aeb9eb02c.exe

Loads dropped DLL 1 IoCs

pid	Process
1056	4e523961878f10508358260aeb9eb02c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2296-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012251-13.dat	upx
behavioral1/files/0x000c000000012251-10.dat	upx
behavioral1/memory/1056-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1056	4e523961878f10508358260aeb9eb02c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1056	4e523961878f10508358260aeb9eb02c.exe
2296	4e523961878f10508358260aeb9eb02c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 2296	1056	4e523961878f10508358260aeb9eb02c.exe	15
PID 1056 wrote to memory of 2296	1056	4e523961878f10508358260aeb9eb02c.exe	15
PID 1056 wrote to memory of 2296	1056	4e523961878f10508358260aeb9eb02c.exe	15
PID 1056 wrote to memory of 2296	1056	4e523961878f10508358260aeb9eb02c.exe	15

C:\Users\Admin\AppData\Local\Temp\4e523961878f10508358260aeb9eb02c.exe
"C:\Users\Admin\AppData\Local\Temp\4e523961878f10508358260aeb9eb02c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Users\Admin\AppData\Local\Temp\4e523961878f10508358260aeb9eb02c.exe
  C:\Users\Admin\AppData\Local\Temp\4e523961878f10508358260aeb9eb02c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4e523961878f10508358260aeb9eb02c.exe

Filesize
49KB

MD5
d3d8d125049245d309674f139dac015c

SHA1
938cf4d43d1465a8475b92c7d63f05f9d863da62

SHA256
3ebaaa273c046a301914e7381fb1a3a7bbecbab75d7a696271709a5248d239ac

SHA512
100c8867f9d9dbcead5b9e9167e8d2372bf86515795d46adfcf95c459b1b754d88c25096f09eb23ad1adb3deb7030d1dece610ba3ddcdbfc3ba38344c2aa9ed8

Download Submit
\Users\Admin\AppData\Local\Temp\4e523961878f10508358260aeb9eb02c.exe

Filesize
59KB

MD5
c25365d2f605c352b82c9fc966879ba9

SHA1
11f02cbe3599376ff5b464a1b2a0cee52e570cbc

SHA256
6e6eb602005a36e9adb980d0c59ce4547d711b87dab02d4a5cda64ec417b807c

SHA512
cac422969e477038a9fa289e47b56e93f40140e84f5efeeb9e686b91ddb72e40d7639ed96ee620f6efd93e55b0f275cf656a8f248c0d8fc383d12eaff6f7a200

Download Submit
memory/1056-15-0x00000000034C0000-0x00000000039AF000-memory.dmp

Filesize
4.9MB

Download
memory/1056-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/1056-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1056-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1056-31-0x00000000034C0000-0x00000000039AF000-memory.dmp

Filesize
4.9MB

Download
memory/1056-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2296-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2296-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2296-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2296-19-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2296-25-0x0000000003500000-0x000000000372A000-memory.dmp

Filesize
2.2MB

Download
memory/2296-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download