82c1e049074072ed9b21dabf3fc83482bee0af85f378fcad724af20ce89ae652

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 15:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

53d53a2dd0af3296791577e2a34253b8.exe
Size

5.3MB
MD5

53d53a2dd0af3296791577e2a34253b8
SHA1

3c4877087a3d46a179c42772706face4d0c1008f
SHA256

82c1e049074072ed9b21dabf3fc83482bee0af85f378fcad724af20ce89ae652
SHA512

32e6e2ddfe942c0e2b3c49f2c38b3f55dca7d9d44ac8d7e8802eb7c69636bd7b7893a9c90831d41e5b5c544ea24bf837aeef62e995c165c6abb028ff72cb1fe1
SSDEEP

98304:ZAWtrbRyukYXTgWWj9XjbAU/h9m50C60bcqlWWj9XjbAU/h9:SW5bgukYXBWBjbAQh9w070/kWBjbAQh9

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2844	53d53a2dd0af3296791577e2a34253b8.exe

Executes dropped EXE 1 IoCs

pid	Process
2844	53d53a2dd0af3296791577e2a34253b8.exe

Loads dropped DLL 1 IoCs

pid	Process
2936	53d53a2dd0af3296791577e2a34253b8.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2844-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2936-15-0x0000000003D80000-0x00000000041EA000-memory.dmp	upx
behavioral1/files/0x0009000000015b6f-16.dat	upx
behavioral1/files/0x0009000000015b6f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2936	53d53a2dd0af3296791577e2a34253b8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2936	53d53a2dd0af3296791577e2a34253b8.exe
2844	53d53a2dd0af3296791577e2a34253b8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2844	2936	53d53a2dd0af3296791577e2a34253b8.exe	28
PID 2936 wrote to memory of 2844	2936	53d53a2dd0af3296791577e2a34253b8.exe	28
PID 2936 wrote to memory of 2844	2936	53d53a2dd0af3296791577e2a34253b8.exe	28
PID 2936 wrote to memory of 2844	2936	53d53a2dd0af3296791577e2a34253b8.exe	28

C:\Users\Admin\AppData\Local\Temp\53d53a2dd0af3296791577e2a34253b8.exe
"C:\Users\Admin\AppData\Local\Temp\53d53a2dd0af3296791577e2a34253b8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Users\Admin\AppData\Local\Temp\53d53a2dd0af3296791577e2a34253b8.exe
  C:\Users\Admin\AppData\Local\Temp\53d53a2dd0af3296791577e2a34253b8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\53d53a2dd0af3296791577e2a34253b8.exe

Filesize
235KB

MD5
556a5ff27aa9a2cfd8e7ba29f5e342cf

SHA1
0ed7e3e9bdc8c085b4f69a774da2bf0d649aebf7

SHA256
22510c816304ff299fba1932a595951a789f2f446838c278db6407eebe73341d

SHA512
f01b6d8a3ee37b81cb4c1dc21681a70eb25a43c1a440eedae6a9d767d5834e9fbedc575be379a27ec9ea6c7f6fa871430edc1050503597e1f47c401b3588aa31

Download Submit
\Users\Admin\AppData\Local\Temp\53d53a2dd0af3296791577e2a34253b8.exe

Filesize
833KB

MD5
96bbf040db9e10a5310cc94fc56a4d56

SHA1
3e64e1440ee5ffd1164333314bce97ba043a7e3d

SHA256
e0fd6166c8c5b7fca9f655827958832f6d1507f550a005e1cb3280b01897119a

SHA512
a076f7255b15223143b96692a61d81990b22b1657bf86847f06175d22bbce51fc7f389b95b7fc911cca1a59894ea9e9948b50abf11ce1795533f2812b58adf37

Download Submit
memory/2844-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2844-19-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2844-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2844-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2936-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2936-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2936-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2936-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2936-15-0x0000000003D80000-0x00000000041EA000-memory.dmp

Filesize
4.4MB

Download