0c80601ead9e2bfa8ed70607ba8f8d812106fcd5655e6d22cf680e8168d5d5ac

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 12:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5083ba3cd3d79311a3229f19de64b351.exe
Size

5.3MB
MD5

5083ba3cd3d79311a3229f19de64b351
SHA1

d59516693a6dcd1222eb3e1c0a7bba73c840f540
SHA256

0c80601ead9e2bfa8ed70607ba8f8d812106fcd5655e6d22cf680e8168d5d5ac
SHA512

263f290ee56466ae07836fcdb720e243f8cbc1fe38d20b31fdbcbe81658535b2226ae7c8a8c02fa24c55c61734c70e40a19fed095d7602c93c2f880c85efed57
SSDEEP

98304:OjQ3q2YaJEeHoB5txEz6pwsZ7Hx/QfOPMholH4B7HoB5txEz6pwsZ7Hj:Oj6EemCSF76fOzEmCSF7D

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2996	5083ba3cd3d79311a3229f19de64b351.exe

Executes dropped EXE 1 IoCs

pid	Process
2996	5083ba3cd3d79311a3229f19de64b351.exe

Loads dropped DLL 1 IoCs

pid	Process
2816	5083ba3cd3d79311a3229f19de64b351.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2816-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000013a1a-10.dat	upx
behavioral1/files/0x000a000000013a1a-15.dat	upx
behavioral1/memory/2996-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2816	5083ba3cd3d79311a3229f19de64b351.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2816	5083ba3cd3d79311a3229f19de64b351.exe
2996	5083ba3cd3d79311a3229f19de64b351.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2996	2816	5083ba3cd3d79311a3229f19de64b351.exe	28
PID 2816 wrote to memory of 2996	2816	5083ba3cd3d79311a3229f19de64b351.exe	28
PID 2816 wrote to memory of 2996	2816	5083ba3cd3d79311a3229f19de64b351.exe	28
PID 2816 wrote to memory of 2996	2816	5083ba3cd3d79311a3229f19de64b351.exe	28

C:\Users\Admin\AppData\Local\Temp\5083ba3cd3d79311a3229f19de64b351.exe
"C:\Users\Admin\AppData\Local\Temp\5083ba3cd3d79311a3229f19de64b351.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Users\Admin\AppData\Local\Temp\5083ba3cd3d79311a3229f19de64b351.exe
  C:\Users\Admin\AppData\Local\Temp\5083ba3cd3d79311a3229f19de64b351.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5083ba3cd3d79311a3229f19de64b351.exe

Filesize
224KB

MD5
5adae1d198e3b0fdb0f537f955e23c2e

SHA1
9a7dcb140bb14f69e39d1fd2d0e822969c0d135d

SHA256
6e1efda46844733f45b8ed0028215128bee98ac4172d2f524da2f36b65b99e88

SHA512
685e144ee9ca07badbb118c73eaaf9c013344bba232e2fedb8b708b8df88fe48c5be7580d944d17b4e94b42fe69de5fbb37958df3773bb87b886cf15fe714c4b

Download Submit
\Users\Admin\AppData\Local\Temp\5083ba3cd3d79311a3229f19de64b351.exe

Filesize
105KB

MD5
4620d087c95c2bbbe9edeaaa35b4e166

SHA1
8b9ce175675085fd7f52248073af683b6557b856

SHA256
a12839101603cba7e59eedd51a5dfa610ba98d3e968aca7604bd52d323593a17

SHA512
a2610128ddd0de5a89fb0b5da916e3edcd57465c4032725c3cd4fda3394b3c46012cb0fd7e16c48d1029a4eb6bfebbe71df8538c76c7d18fd64dedffe6592170

Download Submit
memory/2816-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2816-2-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2816-14-0x0000000003C90000-0x0000000004177000-memory.dmp

Filesize
4.9MB

Download
memory/2816-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2816-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2996-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2996-19-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2996-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2996-25-0x0000000003540000-0x0000000003762000-memory.dmp

Filesize
2.1MB

Download
memory/2996-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2996-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download