f3f87736fcf9ac05ab90a3a6586995d3f60e80f388c7920586a6c9b271aae316

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 10:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

562be401fe139c44bc66f07c1bffa5bd.exe
Size

2.9MB
MD5

562be401fe139c44bc66f07c1bffa5bd
SHA1

bd5978066b91a0d74e5b889387c455e60dbc72a6
SHA256

f3f87736fcf9ac05ab90a3a6586995d3f60e80f388c7920586a6c9b271aae316
SHA512

9565b337eb6b3494a5c221fd69dcd1cafdce10be492207a50902c6b73959317d65a4f73a096294d2b2271758a52f3f06e646f28915b6bfb7777a39b5fc505c85
SSDEEP

49152:Qk21E9W2c+8JmdW5JNN4OCTY2nS4QAZnoE9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:lW2P8JmOuDUf4fZnoEHau42c1joCjMP3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2712	562be401fe139c44bc66f07c1bffa5bd.exe

Executes dropped EXE 1 IoCs

pid	Process
2712	562be401fe139c44bc66f07c1bffa5bd.exe

Loads dropped DLL 1 IoCs

pid	Process
1784	562be401fe139c44bc66f07c1bffa5bd.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1784-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000900000001225c-10.dat	upx
behavioral1/files/0x000900000001225c-12.dat	upx
behavioral1/memory/2712-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000900000001225c-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1784	562be401fe139c44bc66f07c1bffa5bd.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1784	562be401fe139c44bc66f07c1bffa5bd.exe
2712	562be401fe139c44bc66f07c1bffa5bd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 2712	1784	562be401fe139c44bc66f07c1bffa5bd.exe	28
PID 1784 wrote to memory of 2712	1784	562be401fe139c44bc66f07c1bffa5bd.exe	28
PID 1784 wrote to memory of 2712	1784	562be401fe139c44bc66f07c1bffa5bd.exe	28
PID 1784 wrote to memory of 2712	1784	562be401fe139c44bc66f07c1bffa5bd.exe	28

C:\Users\Admin\AppData\Local\Temp\562be401fe139c44bc66f07c1bffa5bd.exe
"C:\Users\Admin\AppData\Local\Temp\562be401fe139c44bc66f07c1bffa5bd.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Users\Admin\AppData\Local\Temp\562be401fe139c44bc66f07c1bffa5bd.exe
  C:\Users\Admin\AppData\Local\Temp\562be401fe139c44bc66f07c1bffa5bd.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\562be401fe139c44bc66f07c1bffa5bd.exe

Filesize
1.8MB

MD5
71c42352b5a01f566de0d974063b5393

SHA1
7ef2e3456abcb947c856a6ef9f9461a4dc538ba5

SHA256
ebbba31288bbc4fb6d668cb8b4adb0c23a17adda9106ba1ddc49ebb1c5c50389

SHA512
80d62f55ad952240cf23f0361a1139fcf392cd6d56c47866f57bd9be024c0974dd6492b2d2ed1eb9bef8454b6230ef6a8e0bb684a134d0eac5d11986dfffed6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\562be401fe139c44bc66f07c1bffa5bd.exe

Filesize
2.0MB

MD5
e22a7cd5b9da585b77f0b93b474b388f

SHA1
a2e6ddbef079046ab88a0e7fbcf62ca2a5a2930e

SHA256
faabedde237aa62052c23030bf499d0b17882328f2f2777536c2406009b66b73

SHA512
7bf2032617d8fd030848d4259190a1c382b77c45dc0aff5c76078e685dc757c924fd79616f90d831b1666317466d0abf3bd6c485df9a3afb93b32bf50747cba5

Download Submit
\Users\Admin\AppData\Local\Temp\562be401fe139c44bc66f07c1bffa5bd.exe

Filesize
2.1MB

MD5
8861ce38708de852b251c3f7853c86f9

SHA1
c374f312a14f1f977bab0c6662cbb9f95a47a4dd

SHA256
bcf53c681fa2e669fceaa50423c809df432b4922893c0e4fec428809ed7ce111

SHA512
d609cb9f3a42c34c1a7ac828743515fb035bf873d4f9ccee93f710d7b1dff9559500809f8384fdddb31adf6d39cdb67203657eb4da2543f2abf08acf4d29b3a3

Download Submit
memory/1784-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1784-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1784-13-0x0000000003980000-0x0000000003E6F000-memory.dmp

Filesize
4.9MB

Download
memory/1784-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1784-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2712-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2712-17-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2712-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2712-24-0x0000000003570000-0x000000000379A000-memory.dmp

Filesize
2.2MB

Download
memory/2712-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2712-33-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download