042bb32ab612d4181e7ab7da4b4ebafd57168a3a38f6e6304d8ae61e9ecd05b4

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

51900ec709509b977c90bc573fe2439c.exe
Size

1.5MB
MD5

51900ec709509b977c90bc573fe2439c
SHA1

9e0868c179daec55f2c4626483bb88939406cb88
SHA256

042bb32ab612d4181e7ab7da4b4ebafd57168a3a38f6e6304d8ae61e9ecd05b4
SHA512

8e17c024b48bc68a8804e8676578891f4026bcd40a06cad3d30eb0cc94244d74f9dfaf4ef74d210a79f7fcf11d520d679bdb9a3c60f9700bf87adf2e9148b319
SSDEEP

24576:Cpwve10TS75+JqcqAxvoOCQU7z3chkfm5i5HjbW:Ch10j2NH3TYi5n

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2932	51900ec709509b977c90bc573fe2439c.exe

Executes dropped EXE 1 IoCs

pid	Process
2932	51900ec709509b977c90bc573fe2439c.exe

Loads dropped DLL 1 IoCs

pid	Process
2008	51900ec709509b977c90bc573fe2439c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2008-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000012251-10.dat	upx
behavioral1/files/0x000d000000012251-12.dat	upx
behavioral1/files/0x000d000000012251-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2008	51900ec709509b977c90bc573fe2439c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2008	51900ec709509b977c90bc573fe2439c.exe
2932	51900ec709509b977c90bc573fe2439c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2932	2008	51900ec709509b977c90bc573fe2439c.exe	28
PID 2008 wrote to memory of 2932	2008	51900ec709509b977c90bc573fe2439c.exe	28
PID 2008 wrote to memory of 2932	2008	51900ec709509b977c90bc573fe2439c.exe	28
PID 2008 wrote to memory of 2932	2008	51900ec709509b977c90bc573fe2439c.exe	28

C:\Users\Admin\AppData\Local\Temp\51900ec709509b977c90bc573fe2439c.exe
"C:\Users\Admin\AppData\Local\Temp\51900ec709509b977c90bc573fe2439c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\51900ec709509b977c90bc573fe2439c.exe
  C:\Users\Admin\AppData\Local\Temp\51900ec709509b977c90bc573fe2439c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\51900ec709509b977c90bc573fe2439c.exe

Filesize
128KB

MD5
0a734b412efea82b24e655c413e210f2

SHA1
1767a042b47ec42b255e446c72535560cd164a83

SHA256
e7eb09ac11a45121c6fa3ddd0cb13ef738d9fa8a9da155f1007baf7fdbf154fc

SHA512
c0f6f59e590414e082db9d2721fc6754ba333aceed91609880caeb2f4526d9ace8a1cc6a688b13290304ada24591d33f6c2b4c68df9313cbee4e7324e03003fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\51900ec709509b977c90bc573fe2439c.exe

Filesize
337KB

MD5
d18584a7d5066e8c47221b29c5b4694a

SHA1
ce7903ddb24dd1c09257fb2a44fbe01fafa66bb4

SHA256
6c7e5b2433b0f5260bc32372b9ea0013b6579119910b758adf0aa73a875845d6

SHA512
a81c7b56cd0e89c2942a409decb52860be59c2ce8ce1812121fc59b5ec6b4d699729344f24a5b445757e30796d92b51dcced2f6d1a477cc6a4920449596bb6c1

Download Submit
\Users\Admin\AppData\Local\Temp\51900ec709509b977c90bc573fe2439c.exe

Filesize
1.5MB

MD5
84090811303ea52d72efbd1ffdeeef99

SHA1
4942e6abf259b63525015c48455cf370f8a86b5a

SHA256
be36a650cf94a5de37e8635adac54070ab252e4a3e620587e52568e67f8f965a

SHA512
5aed10d76e920d4101c611aea560b64f9b0cfdacf8436072357bdf3d6a76c96638294a0ef4181165414d17dd4f3bb585c83025605dd8bf14493cd17956b6f8d9

Download Submit
memory/2008-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2008-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2008-16-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2008-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2008-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2932-19-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2932-21-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2932-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2932-26-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2932-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2932-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download