f48fa382efddcc2fabf14c1b4396bcca101c1638b92c51d73ed6a00569188b7c

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f198a3dac602509e29e1a7f2b9447b3.exe
Size

1.3MB
MD5

4f198a3dac602509e29e1a7f2b9447b3
SHA1

78a94f26017f7154af3487543a494cf8e06b0e71
SHA256

f48fa382efddcc2fabf14c1b4396bcca101c1638b92c51d73ed6a00569188b7c
SHA512

b5f511bbd5b94d0cfc54e891640f8df9ce35feee6f4216ef9e0a40690d5d393cb648fd0b639fc3b0c4b3cf235cb42496f5de37f4fd08c60960438b1e9a6dac9c
SSDEEP

24576:h8wxtHizSIe5KDxGKadrTJdNrw9O+MxyVA/56w449Z65CvG:hTxNV5KUJTJrkI+MxyVA/5d+

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2416	4f198a3dac602509e29e1a7f2b9447b3.exe

Executes dropped EXE 1 IoCs

pid	Process
2416	4f198a3dac602509e29e1a7f2b9447b3.exe

Loads dropped DLL 1 IoCs

pid	Process
1276	4f198a3dac602509e29e1a7f2b9447b3.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1276-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000b00000001226e-11.dat	upx
behavioral1/memory/2416-18-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000b00000001226e-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1276	4f198a3dac602509e29e1a7f2b9447b3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1276	4f198a3dac602509e29e1a7f2b9447b3.exe
2416	4f198a3dac602509e29e1a7f2b9447b3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 2416	1276	4f198a3dac602509e29e1a7f2b9447b3.exe	28
PID 1276 wrote to memory of 2416	1276	4f198a3dac602509e29e1a7f2b9447b3.exe	28
PID 1276 wrote to memory of 2416	1276	4f198a3dac602509e29e1a7f2b9447b3.exe	28
PID 1276 wrote to memory of 2416	1276	4f198a3dac602509e29e1a7f2b9447b3.exe	28

C:\Users\Admin\AppData\Local\Temp\4f198a3dac602509e29e1a7f2b9447b3.exe
"C:\Users\Admin\AppData\Local\Temp\4f198a3dac602509e29e1a7f2b9447b3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Users\Admin\AppData\Local\Temp\4f198a3dac602509e29e1a7f2b9447b3.exe
  C:\Users\Admin\AppData\Local\Temp\4f198a3dac602509e29e1a7f2b9447b3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4f198a3dac602509e29e1a7f2b9447b3.exe

Filesize
27KB

MD5
ad7506132fdf3a775ece37edfb9cf1cb

SHA1
e34e837c8d4021ce3bd9da5e7200e3ed9ee1b3de

SHA256
de76de242d318e197f2aa2f10677d7950614b721add5f34a21f4984984f95687

SHA512
74dbef38bcaa1c69ca16f8c81857e74b9aad48ba09d8f6234be3100f39ed466c4c85be8813bcf76675ad687ef0ec7573fae530d9c8018a1bb5e23ce8cd4c7c3d

Download Submit
\Users\Admin\AppData\Local\Temp\4f198a3dac602509e29e1a7f2b9447b3.exe

Filesize
45KB

MD5
02ab5e9faf943fb682eb3d4f4ea44588

SHA1
4a0827ce0eab7701d89497b4a1051979164a4a21

SHA256
cb995ad099a03222d2dd8d036b99f3fb55102bb5b9fa3ce4e2886a61f508cfa2

SHA512
c8b18bb2ac5d411b444740d47221daaf21c7ced56e21535af1dd84da91d4ad616c6aa2fef636636c04044d1a683fb79f5f78845bba3ad48e6e5a49ceee908b60

Download Submit
memory/1276-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1276-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1276-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1276-14-0x0000000000700000-0x0000000000861000-memory.dmp

Filesize
1.4MB

Download
memory/1276-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1276-16-0x0000000003410000-0x000000000387A000-memory.dmp

Filesize
4.4MB

Download
memory/2416-20-0x0000000000250000-0x0000000000362000-memory.dmp

Filesize
1.1MB

Download
memory/2416-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2416-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2416-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download