a665353fcdbb9ba506a1852fd2a5eb1233e523438392b015e2f8a70398ccb93d

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 16:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4ec1eede7422797eed391348867076bf.exe
Size

11.7MB
MD5

4ec1eede7422797eed391348867076bf
SHA1

caefb2d1f384cb4ce57fae93c9e1123be84eff07
SHA256

a665353fcdbb9ba506a1852fd2a5eb1233e523438392b015e2f8a70398ccb93d
SHA512

90380608e3c386fcfebcfe94c775e75c0aefa960c989fa9050f8263a7a34cd8e4f72bd2c631e34b1c3c0c766ef14661d8acbcef692112762e66a68c1b23e3435
SSDEEP

196608:wmvJ3Csauq1jI86FA7y2auq1jI865AIrIjkmW6Mauq1jI86FA7y2auq1jI86:wmvJ3DlHSzlH5rIn/glHSzlH

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1820	4ec1eede7422797eed391348867076bf.exe

Executes dropped EXE 1 IoCs

pid	Process
1820	4ec1eede7422797eed391348867076bf.exe

Loads dropped DLL 1 IoCs

pid	Process
3056	4ec1eede7422797eed391348867076bf.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3056-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001224a-10.dat	upx
behavioral1/files/0x000800000001224a-14.dat	upx
behavioral1/memory/1820-15-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3056	4ec1eede7422797eed391348867076bf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3056	4ec1eede7422797eed391348867076bf.exe
1820	4ec1eede7422797eed391348867076bf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1820	3056	4ec1eede7422797eed391348867076bf.exe	28
PID 3056 wrote to memory of 1820	3056	4ec1eede7422797eed391348867076bf.exe	28
PID 3056 wrote to memory of 1820	3056	4ec1eede7422797eed391348867076bf.exe	28
PID 3056 wrote to memory of 1820	3056	4ec1eede7422797eed391348867076bf.exe	28

C:\Users\Admin\AppData\Local\Temp\4ec1eede7422797eed391348867076bf.exe
"C:\Users\Admin\AppData\Local\Temp\4ec1eede7422797eed391348867076bf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Users\Admin\AppData\Local\Temp\4ec1eede7422797eed391348867076bf.exe
  C:\Users\Admin\AppData\Local\Temp\4ec1eede7422797eed391348867076bf.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4ec1eede7422797eed391348867076bf.exe

Filesize
55KB

MD5
266ae3b239052e6dfb822e20adc8b6c1

SHA1
0b0197fed1ba6bf66893416257d3047f372e08df

SHA256
3abeb4cd5471d905bdbf2fe0f2535c371c4aa424cc258e1b47e91fcd712e6a2a

SHA512
fc70166eabf3314298741c484e5adfb640374660574dc8b363d4ee76d99d4a784fc7b0165846a5b15f26435fb52db5fae82e5895354e34fc95c281bee350c588

Download Submit
\Users\Admin\AppData\Local\Temp\4ec1eede7422797eed391348867076bf.exe

Filesize
126KB

MD5
18d17edcc1afda8521b0a7eae3835834

SHA1
ff418ca14045caebbf58b87d16ff4a0a7ac777c5

SHA256
d9ef937604a7bc2c68f6128be0725f37b40c46b68d009f5c5b7e2ca8c5d2f175

SHA512
f50621721aacc3204304ca236b5e49bf4b6df98f25295b6dad94e48357137be9f0b69b94383d51c6c0752a59a4ad3e32f67ba4c5a180f8ca12ae35bb7e8b1f0b

Download Submit
memory/1820-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1820-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1820-17-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/1820-24-0x0000000003540000-0x000000000376A000-memory.dmp

Filesize
2.2MB

Download
memory/1820-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1820-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3056-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3056-12-0x0000000004C50000-0x000000000513F000-memory.dmp

Filesize
4.9MB

Download
memory/3056-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/3056-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3056-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download