2a57b02f88facc3eb02f32c7cdffbf7a39470a373adb5f36f9457b4fc3e60679

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

506b16214cf7a38fbe82cdd1f1c7c7e0.exe
Size

2.9MB
MD5

506b16214cf7a38fbe82cdd1f1c7c7e0
SHA1

c1b64bc123509d4951f03218e20eb6c38cafb6e5
SHA256

2a57b02f88facc3eb02f32c7cdffbf7a39470a373adb5f36f9457b4fc3e60679
SHA512

443736d817206814f3ddccaa36f50808dd8a8f3318ee22ee9a6ce12d79fe5877aaf5cc44efc8635ebecf16413655dd82a96c2fcef3cac247c2f1e7ce8290d045
SSDEEP

49152:B6yQufKQPfhezRFkZ8sFe1N74NH5HUyNRcUsCVOzetdZJ:Bd/KGfPZNq4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2680	506b16214cf7a38fbe82cdd1f1c7c7e0.exe

Executes dropped EXE 1 IoCs

pid	Process
2680	506b16214cf7a38fbe82cdd1f1c7c7e0.exe

Loads dropped DLL 1 IoCs

pid	Process
2072	506b16214cf7a38fbe82cdd1f1c7c7e0.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2072-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d00000001272c-13.dat	upx
behavioral1/files/0x000d00000001272c-12.dat	upx
behavioral1/files/0x000d00000001272c-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2072	506b16214cf7a38fbe82cdd1f1c7c7e0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2072	506b16214cf7a38fbe82cdd1f1c7c7e0.exe
2680	506b16214cf7a38fbe82cdd1f1c7c7e0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2680	2072	506b16214cf7a38fbe82cdd1f1c7c7e0.exe	28
PID 2072 wrote to memory of 2680	2072	506b16214cf7a38fbe82cdd1f1c7c7e0.exe	28
PID 2072 wrote to memory of 2680	2072	506b16214cf7a38fbe82cdd1f1c7c7e0.exe	28
PID 2072 wrote to memory of 2680	2072	506b16214cf7a38fbe82cdd1f1c7c7e0.exe	28

C:\Users\Admin\AppData\Local\Temp\506b16214cf7a38fbe82cdd1f1c7c7e0.exe
"C:\Users\Admin\AppData\Local\Temp\506b16214cf7a38fbe82cdd1f1c7c7e0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\506b16214cf7a38fbe82cdd1f1c7c7e0.exe
  C:\Users\Admin\AppData\Local\Temp\506b16214cf7a38fbe82cdd1f1c7c7e0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\506b16214cf7a38fbe82cdd1f1c7c7e0.exe

Filesize
1.0MB

MD5
005e43dbe409cdf19f3af3ada993137a

SHA1
68b88724e3138c4ffe482f8b1aa7545f5dfa7379

SHA256
4a3cc407a9b727333afd3fe2ebc4ce4945eb26983dd676c73ea035a450ac576c

SHA512
495999035d04fce3f2e7d2e088480ea66661ab7627f237659b11aa2ca038f913d976822383f6b54c2871006a59741088c86b23c64b10e5b80c5d6fef19bc9b95

Download Submit
C:\Users\Admin\AppData\Local\Temp\506b16214cf7a38fbe82cdd1f1c7c7e0.exe

Filesize
445KB

MD5
d7735e6139c98e716a8bce085d735124

SHA1
880251a623802b2680dace0c2b3107aecbef9a59

SHA256
cf7bfff8417db4861689083460d142a75e80491e25cf549fa56d3d1c267a8fc0

SHA512
1f7d6bf86ce5337b843092db58e8d69c71e460b823473ff5bb0dcf5e1819910fd9962c615eff181f34843e434947c585347df386881edf6276a153860a3823b3

Download Submit
\Users\Admin\AppData\Local\Temp\506b16214cf7a38fbe82cdd1f1c7c7e0.exe

Filesize
884KB

MD5
193d75256b2a020713dfebbc6e940e4c

SHA1
2a7ccfca4e318655849cfe8051961cf979b597ec

SHA256
04f9d55fd949f5446369f602fafe55278e99e249892a62bc6be098e5e324e9d8

SHA512
c4978c40687f3fa9a32c3f24ac1a4694c4c9a153f5dd0ac83dcbd5d0dc72b300ae47015d3326b2c9c55057b193a9db4fbd93cfc98d0ec90d92908ee8719a166f

Download Submit
memory/2072-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2072-16-0x0000000003800000-0x0000000003CEF000-memory.dmp

Filesize
4.9MB

Download
memory/2072-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2072-1-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2072-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2072-30-0x0000000003800000-0x0000000003CEF000-memory.dmp

Filesize
4.9MB

Download
memory/2680-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2680-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2680-23-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2680-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2680-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download