73343f3090568eab22598b3ef48cd353e8db8ef307a4632b39557fb12921debf

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 12:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

538909d8d2b177bc7e54c686f1f1fa0f.exe
Size

1.3MB
MD5

538909d8d2b177bc7e54c686f1f1fa0f
SHA1

2592a234bdb3f7485b6988f42a9a11285b6d0122
SHA256

73343f3090568eab22598b3ef48cd353e8db8ef307a4632b39557fb12921debf
SHA512

23882c737cff6baf703a8a955438b2eb13be173f20f685b3ffde3c26f45dcf20fd3d2e3895565e76ba5ff7cc9744c8ffd661b20a9692c33c99d759af9adae7cc
SSDEEP

24576:kaHZQWATHKTlDTG69gGBOAWPFJqbnBqyDfzeHGh6Ht3+Ax6rdyxDERjnhkvG:kaHZQzolDq2lOZPFJkjbuaq3LCFj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2972	538909d8d2b177bc7e54c686f1f1fa0f.exe

Executes dropped EXE 1 IoCs

pid	Process
2972	538909d8d2b177bc7e54c686f1f1fa0f.exe

Loads dropped DLL 1 IoCs

pid	Process
2024	538909d8d2b177bc7e54c686f1f1fa0f.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2024-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2024-15-0x00000000033F0000-0x000000000385A000-memory.dmp	upx
behavioral1/files/0x000b000000015cfa-13.dat	upx
behavioral1/files/0x000b000000015cfa-16.dat	upx
behavioral1/files/0x000b000000015cfa-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2024	538909d8d2b177bc7e54c686f1f1fa0f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2024	538909d8d2b177bc7e54c686f1f1fa0f.exe
2972	538909d8d2b177bc7e54c686f1f1fa0f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2972	2024	538909d8d2b177bc7e54c686f1f1fa0f.exe	28
PID 2024 wrote to memory of 2972	2024	538909d8d2b177bc7e54c686f1f1fa0f.exe	28
PID 2024 wrote to memory of 2972	2024	538909d8d2b177bc7e54c686f1f1fa0f.exe	28
PID 2024 wrote to memory of 2972	2024	538909d8d2b177bc7e54c686f1f1fa0f.exe	28

C:\Users\Admin\AppData\Local\Temp\538909d8d2b177bc7e54c686f1f1fa0f.exe
"C:\Users\Admin\AppData\Local\Temp\538909d8d2b177bc7e54c686f1f1fa0f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\538909d8d2b177bc7e54c686f1f1fa0f.exe
  C:\Users\Admin\AppData\Local\Temp\538909d8d2b177bc7e54c686f1f1fa0f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\538909d8d2b177bc7e54c686f1f1fa0f.exe

Filesize
93KB

MD5
bcbfd3c607f250bb4c0d2c45436f32fa

SHA1
2156dab31d762bfb84c93762a6cae2b2b18977ea

SHA256
c76b56044c8360a00a6169225149655e2f43f215ea2986bf90784091e6831891

SHA512
4e185f84d3cb56bb793682b664e0671ef93959ef72a31495fe7b15623283b813418b0620638422ca27fb3e65d6dbefd3c818101b4d725dc382db34743fbe7c7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\538909d8d2b177bc7e54c686f1f1fa0f.exe

Filesize
348KB

MD5
c2af555e0249d663023ecfb424554788

SHA1
0f6478c8f36cec81a3e94f816f3449a03b33e09e

SHA256
e8a6afb9e1e587fa07dd52b54f0e36d9beccabd973cb3551dca30e1f038dcde4

SHA512
77c3bf3787c590c7e14e37b158f82be7c64499ae0386ac1762b7cb799f53bf2ae74983aa4fac910648d00f87ba849c0067b5b293a6ee1311afbf2ce2c3cb839f

Download Submit
\Users\Admin\AppData\Local\Temp\538909d8d2b177bc7e54c686f1f1fa0f.exe

Filesize
384KB

MD5
2579b139ce3aa482ae7d549ff760c66e

SHA1
ee44a94244f9dcec38194ce384e2ead54efe951b

SHA256
0653f28a7039c9cd205f8f01a611ee188536c5f237b8b036c23db43c8e1e09bd

SHA512
4e894ab3d3b2d56fdff7368920755eba2e0c10337ff8ae15af92b67e5dc159c9ee390ad4f252213868af37c55bcbc5f5431d6a5418a6fb87630e439b6593bd9d

Download Submit
memory/2024-15-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2024-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2024-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2024-2-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2024-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2024-26-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2972-20-0x0000000000250000-0x0000000000362000-memory.dmp

Filesize
1.1MB

Download
memory/2972-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2972-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2972-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download