4cd94f53003a651061871c4f0d217f12ed6cca9be4f28fdfc7a5f496ffcc4ce1

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51d5bee15256da60d620ac3326cabdf1.exe
Size

5.8MB
MD5

51d5bee15256da60d620ac3326cabdf1
SHA1

f359d7fce77e935fc934604bfc8be614d32690a6
SHA256

4cd94f53003a651061871c4f0d217f12ed6cca9be4f28fdfc7a5f496ffcc4ce1
SHA512

5bc34db977baf65bde6d5e9544ef44fd2dac2a2688f5402d9863a71bbd598acf26e1c644025e47b991b758224b05b87da6d70837ce5008cd952977c5bfed6c6e
SSDEEP

98304:3u2dL6JBiLjHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:3ZduOnauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2400	51d5bee15256da60d620ac3326cabdf1.exe

Executes dropped EXE 1 IoCs

pid	Process
2400	51d5bee15256da60d620ac3326cabdf1.exe

Loads dropped DLL 1 IoCs

pid	Process
1224	51d5bee15256da60d620ac3326cabdf1.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1224-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012251-10.dat	upx
behavioral1/files/0x000b000000012251-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1224	51d5bee15256da60d620ac3326cabdf1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1224	51d5bee15256da60d620ac3326cabdf1.exe
2400	51d5bee15256da60d620ac3326cabdf1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 2400	1224	51d5bee15256da60d620ac3326cabdf1.exe	28
PID 1224 wrote to memory of 2400	1224	51d5bee15256da60d620ac3326cabdf1.exe	28
PID 1224 wrote to memory of 2400	1224	51d5bee15256da60d620ac3326cabdf1.exe	28
PID 1224 wrote to memory of 2400	1224	51d5bee15256da60d620ac3326cabdf1.exe	28

C:\Users\Admin\AppData\Local\Temp\51d5bee15256da60d620ac3326cabdf1.exe
"C:\Users\Admin\AppData\Local\Temp\51d5bee15256da60d620ac3326cabdf1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Users\Admin\AppData\Local\Temp\51d5bee15256da60d620ac3326cabdf1.exe
  C:\Users\Admin\AppData\Local\Temp\51d5bee15256da60d620ac3326cabdf1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\51d5bee15256da60d620ac3326cabdf1.exe

Filesize
83KB

MD5
bcc6411ae618df7e26cff0517676c78f

SHA1
e198c3e2c257b848bf3e53c485f8314054c36a49

SHA256
41a46fd8f2cb481cce9f302a949374b4344b28e972c51a44f03ded835f2d54a7

SHA512
a0ffba942dfb09dc81a8f6ff7cf6c36f8200ab4aae0d175fc7255c8dddbf71d2ec85e5d3dcb030099cddfe7a1f58a66bbb29834325569eb64f919081e0e5fd8c

Download Submit
\Users\Admin\AppData\Local\Temp\51d5bee15256da60d620ac3326cabdf1.exe

Filesize
146KB

MD5
11781d7240abab28000c37763f188b4f

SHA1
b1df2c5f134643e8c5e7859cdb186591bf4a9680

SHA256
d3af05b0ea05c0e2f29000faa3f5911ebffc36c246314dbd119d42078b8f1254

SHA512
7c38b925d4ac6e137faae2e2d678340bf23537af2d4f9329b5ba92072ab03c5f01680e766fd98e09e0df5fd99fa01897de33968a29d3b0bec92618b49dd709b9

Download Submit
memory/1224-15-0x0000000003F30000-0x000000000441F000-memory.dmp

Filesize
4.9MB

Download
memory/1224-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1224-2-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1224-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1224-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1224-30-0x0000000003F30000-0x000000000441F000-memory.dmp

Filesize
4.9MB

Download
memory/2400-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2400-23-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2400-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2400-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2400-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download