56a2b83a15b4c7a7fc7b1517a8ca69a5cc33558c3fddd9bfaa3202e7b8d2dbca

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 08:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

50163654d6a17e8d2978464612ead67e.exe
Size

2.4MB
MD5

50163654d6a17e8d2978464612ead67e
SHA1

9fc52c34ca8223bcf8c9a307c0215279dca4830a
SHA256

56a2b83a15b4c7a7fc7b1517a8ca69a5cc33558c3fddd9bfaa3202e7b8d2dbca
SHA512

99aa2ee18ac877e7131b36335fa3a301154dc647db3329f7c0455ab17d650b105ce58e6b421e8418d99f4b4ed601b5a0db338c72e43196c35a90cf92fca5a5be
SSDEEP

49152:Dpfad478eO6NHkcmI3PAz2RP4M338dB2IBlGuuDVUsdxxjr:Dy47VBecmFIgg3gnl/IVUs1jr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1740	50163654d6a17e8d2978464612ead67e.exe

Executes dropped EXE 1 IoCs

pid	Process
1740	50163654d6a17e8d2978464612ead67e.exe

Loads dropped DLL 1 IoCs

pid	Process
2380	50163654d6a17e8d2978464612ead67e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000a00000001224d-10.dat	upx
behavioral1/files/0x000a00000001224d-13.dat	upx
behavioral1/memory/2380-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2380	50163654d6a17e8d2978464612ead67e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2380	50163654d6a17e8d2978464612ead67e.exe
1740	50163654d6a17e8d2978464612ead67e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1740	2380	50163654d6a17e8d2978464612ead67e.exe	16
PID 2380 wrote to memory of 1740	2380	50163654d6a17e8d2978464612ead67e.exe	16
PID 2380 wrote to memory of 1740	2380	50163654d6a17e8d2978464612ead67e.exe	16
PID 2380 wrote to memory of 1740	2380	50163654d6a17e8d2978464612ead67e.exe	16

C:\Users\Admin\AppData\Local\Temp\50163654d6a17e8d2978464612ead67e.exe
C:\Users\Admin\AppData\Local\Temp\50163654d6a17e8d2978464612ead67e.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1740

C:\Users\Admin\AppData\Local\Temp\50163654d6a17e8d2978464612ead67e.exe
"C:\Users\Admin\AppData\Local\Temp\50163654d6a17e8d2978464612ead67e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\50163654d6a17e8d2978464612ead67e.exe

Filesize
6KB

MD5
1988c6eeef2bd579b1e23c2c3537631e

SHA1
3c39c30e8ee90ade80b3acaa2f678883255726d4

SHA256
050b35df7a994c2804f2e045c0c76d6e60840435baa95b58e01a2ca4726044cc

SHA512
0ecc0dc177e7e45f83f03438348d65d710d88a96ac03352353ff7ff9f5b9fe28029f0af65fbde6deeaae4158aabe5223a0be3f978cc362ce64e265ace03a311f

Download Submit
\Users\Admin\AppData\Local\Temp\50163654d6a17e8d2978464612ead67e.exe

Filesize
33KB

MD5
2834f3d01fcfd517d6ad151f302c1fcc

SHA1
8d369967fecbdb7cc621b5cfd5cd5bfef9114ddc

SHA256
e7d6f3b4b4fe3ad6c9230e3429167efe35f95df127c806115ed5a66b3d353538

SHA512
d6ea94c3c912508645a83f22edac3760ab8742db52400136dbeff811d398e2f585db320e3687d901bf456163e57ff33536c86939090111b1cba8794d7c9a7f4c

Download Submit
memory/1740-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1740-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1740-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1740-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1740-26-0x0000000003400000-0x000000000362A000-memory.dmp

Filesize
2.2MB

Download
memory/1740-20-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2380-15-0x00000000036F0000-0x0000000003BDF000-memory.dmp

Filesize
4.9MB

Download
memory/2380-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2380-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2380-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2380-31-0x00000000036F0000-0x0000000003BDF000-memory.dmp

Filesize
4.9MB

Download
memory/2380-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download