9301e0d1ca3fc34fcf981760f706e59776f22df2ba3ec4eca3663f77eb4cd139

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 00:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

51fac4854749462ef19517c9d75bca40.exe
Size

1.3MB
MD5

51fac4854749462ef19517c9d75bca40
SHA1

320a5ea121b944a9da589c9b88632c73996e182a
SHA256

9301e0d1ca3fc34fcf981760f706e59776f22df2ba3ec4eca3663f77eb4cd139
SHA512

6c8685c3ebaac2ae9a4446b8f59e4d3fd5bd2c6761d2d592bd22bafbc5a08ebc1067745a8c091347e2cbe5f3216770d39c742cd17a05cd8a7ef7d84d572f4521
SSDEEP

24576:SbneH+CAS2yFUfDLog5p/zxTThlA0kD6br/wbzsvDSY7AkO1uWc:SbneeCspogRiWbOOnp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2052	51fac4854749462ef19517c9d75bca40.exe

Executes dropped EXE 1 IoCs

pid	Process
2052	51fac4854749462ef19517c9d75bca40.exe

Loads dropped DLL 1 IoCs

pid	Process
2888	51fac4854749462ef19517c9d75bca40.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2888-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b0000000133a9-10.dat	upx
behavioral1/files/0x000b0000000133a9-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2888	51fac4854749462ef19517c9d75bca40.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2888	51fac4854749462ef19517c9d75bca40.exe
2052	51fac4854749462ef19517c9d75bca40.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2052	2888	51fac4854749462ef19517c9d75bca40.exe	28
PID 2888 wrote to memory of 2052	2888	51fac4854749462ef19517c9d75bca40.exe	28
PID 2888 wrote to memory of 2052	2888	51fac4854749462ef19517c9d75bca40.exe	28
PID 2888 wrote to memory of 2052	2888	51fac4854749462ef19517c9d75bca40.exe	28

C:\Users\Admin\AppData\Local\Temp\51fac4854749462ef19517c9d75bca40.exe
"C:\Users\Admin\AppData\Local\Temp\51fac4854749462ef19517c9d75bca40.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Users\Admin\AppData\Local\Temp\51fac4854749462ef19517c9d75bca40.exe
  C:\Users\Admin\AppData\Local\Temp\51fac4854749462ef19517c9d75bca40.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\51fac4854749462ef19517c9d75bca40.exe

Filesize
382KB

MD5
9e4c743957e59b14ba0e9f9ffecdbf59

SHA1
eb1b6565e8e21ea157a315a7afb72e15f8d93210

SHA256
368ae1c0d05cd393355d179f5e72fd77fa7a6d2342119e03d2ef2bd7249cfbc5

SHA512
0f23cf7c015b9e9763d6f1249b3b627ce75c75ad723845a36989389361e7cb18abeea18774bb831aada50119135f5816d6104e74799cfb5f104d3f57018f5c94

Download Submit
\Users\Admin\AppData\Local\Temp\51fac4854749462ef19517c9d75bca40.exe

Filesize
832KB

MD5
e9acd00e32b08de9711e49612e2bdffd

SHA1
f96631ca1d9c758f8e872995d8e9651e1011540e

SHA256
4896c3eeb602b08913c0521a8d2efa38fea69563a268fa015d97002bfeb10420

SHA512
4ca44f8703bd9a46147d2967bb8a1455314cd04f4f2d8d7d2da9bed8b5619063a1fcb0b8fe8cac1335d5eb376cba17116d71a8f7031fe43aa62c68d56c473c1c

Download Submit
memory/2052-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2052-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2052-24-0x0000000003430000-0x000000000365A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2888-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2888-2-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/2888-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2888-15-0x00000000035E0000-0x0000000003ACF000-memory.dmp

Filesize
4.9MB

Download
memory/2888-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2888-30-0x00000000035E0000-0x0000000003ACF000-memory.dmp

Filesize
4.9MB

Download