c3a6627cf7c7fc06d012e622a30027834bb8c2ffc57356a934b70df745560b66

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f6a5962c5fd84abb25a96f85797ef12.exe
Size

2.7MB
MD5

4f6a5962c5fd84abb25a96f85797ef12
SHA1

b30a1b4f11fcef12bc2925eec0bd700153118ab8
SHA256

c3a6627cf7c7fc06d012e622a30027834bb8c2ffc57356a934b70df745560b66
SHA512

dac7e8e899a05620a154501161629e1f5fc241080b4d133e6f0ecfae5f4e69c674484f8a02962f9c5f0c8bfdfbf6f659e8dde460ad5bf6ace8d2af402f9e4de8
SSDEEP

49152:xfmVdy3eAmnlrJqv3iYSHvv648r9fsHAJImSLMW:x6k3eA8bqv3xSPv64i956mSLMW

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2852	4f6a5962c5fd84abb25a96f85797ef12.exe

Executes dropped EXE 1 IoCs

pid	Process
2852	4f6a5962c5fd84abb25a96f85797ef12.exe

Loads dropped DLL 1 IoCs

pid	Process
2224	4f6a5962c5fd84abb25a96f85797ef12.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2224-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000b000000012243-11.dat	upx
behavioral1/files/0x000b000000012243-16.dat	upx
behavioral1/memory/2852-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2224	4f6a5962c5fd84abb25a96f85797ef12.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2224	4f6a5962c5fd84abb25a96f85797ef12.exe
2852	4f6a5962c5fd84abb25a96f85797ef12.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2852	2224	4f6a5962c5fd84abb25a96f85797ef12.exe	28
PID 2224 wrote to memory of 2852	2224	4f6a5962c5fd84abb25a96f85797ef12.exe	28
PID 2224 wrote to memory of 2852	2224	4f6a5962c5fd84abb25a96f85797ef12.exe	28
PID 2224 wrote to memory of 2852	2224	4f6a5962c5fd84abb25a96f85797ef12.exe	28

C:\Users\Admin\AppData\Local\Temp\4f6a5962c5fd84abb25a96f85797ef12.exe
"C:\Users\Admin\AppData\Local\Temp\4f6a5962c5fd84abb25a96f85797ef12.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\4f6a5962c5fd84abb25a96f85797ef12.exe
  C:\Users\Admin\AppData\Local\Temp\4f6a5962c5fd84abb25a96f85797ef12.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4f6a5962c5fd84abb25a96f85797ef12.exe

Filesize
2.7MB

MD5
a0499e23ea8f50042640a0aab2ae12fa

SHA1
e37eac8b5654a03a6143080280b2bd1e4bb560e0

SHA256
a51b0445c0c8ae577fcd92d7272cbf9ea157b1885372f73bf8aa07858a3e21ef

SHA512
59f7cc3688d57db6448890814272e1937afb108905c689ba3a568b07b0a6024ad2f2037519db890d992265d94629d021aaed0c336b7fac38020f4e309f692781

Download Submit
\Users\Admin\AppData\Local\Temp\4f6a5962c5fd84abb25a96f85797ef12.exe

Filesize
2.4MB

MD5
eea198e3085a7aac37936a5d7f903206

SHA1
b875317023e885ad73080462d259272c8f21cc96

SHA256
f48d114061464dbd394ef036c5dc9bcab81211d5fb98426bb99f6cc51e7931b0

SHA512
6e1488d12d4d246dfde239d3f60df4ab35ab585e6a333c465076b21f79f24bb0a9243ceed3983a73fd0d9185ac6b915e85ff3073b5d3c191d317f8eeb73d8b74

Download Submit
memory/2224-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2224-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2224-3-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2224-15-0x0000000003690000-0x0000000003AFA000-memory.dmp

Filesize
4.4MB

Download
memory/2224-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2224-26-0x0000000003690000-0x0000000003AFA000-memory.dmp

Filesize
4.4MB

Download
memory/2852-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2852-18-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2852-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2852-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download