f3abcee62eabdf75efa04202f6d322a0ebeff5a3ec7e3a5aa7a0dfb3c1e07258

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5760965dbc491768599a0f4a300850b6.exe
Size

2.7MB
MD5

5760965dbc491768599a0f4a300850b6
SHA1

c2fe02d0e49a6d42ca8a1fbba35899aa3c710c06
SHA256

f3abcee62eabdf75efa04202f6d322a0ebeff5a3ec7e3a5aa7a0dfb3c1e07258
SHA512

2c5ae07da32fc0887f25379cd319bcfb5130eb5b0c0aa18e8221c5da544a32fd3f57c9bf99b0bab0783e8b8bbe11b3fff318903e76d1bc08325c0abcbafc747e
SSDEEP

49152:HZRtN+WELlMP3GbQbgnnR9ktBc1+Q4YdxSChG38bDUggR9t:HfhELl+WFnHktBcwQDM2YIDULHt

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2316	5760965dbc491768599a0f4a300850b6.exe

Executes dropped EXE 1 IoCs

pid	Process
2316	5760965dbc491768599a0f4a300850b6.exe

Loads dropped DLL 1 IoCs

pid	Process
2480	5760965dbc491768599a0f4a300850b6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2480-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c000000012252-10.dat	upx
behavioral1/files/0x000c000000012252-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2480	5760965dbc491768599a0f4a300850b6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2480	5760965dbc491768599a0f4a300850b6.exe
2316	5760965dbc491768599a0f4a300850b6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2316	2480	5760965dbc491768599a0f4a300850b6.exe	28
PID 2480 wrote to memory of 2316	2480	5760965dbc491768599a0f4a300850b6.exe	28
PID 2480 wrote to memory of 2316	2480	5760965dbc491768599a0f4a300850b6.exe	28
PID 2480 wrote to memory of 2316	2480	5760965dbc491768599a0f4a300850b6.exe	28

C:\Users\Admin\AppData\Local\Temp\5760965dbc491768599a0f4a300850b6.exe
"C:\Users\Admin\AppData\Local\Temp\5760965dbc491768599a0f4a300850b6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Users\Admin\AppData\Local\Temp\5760965dbc491768599a0f4a300850b6.exe
  C:\Users\Admin\AppData\Local\Temp\5760965dbc491768599a0f4a300850b6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5760965dbc491768599a0f4a300850b6.exe

Filesize
2.2MB

MD5
8b3548e3927eeac499f1527c7796cef8

SHA1
ec65f1d069421d4c6ca1224300dac7be4d6c2fc4

SHA256
88ab0e3f1c4f05ba8128d298259f0941a4b8682188f3396a1d2f43e5eb4a69a0

SHA512
02f916487652644d75aad94fe5c22f6caedec25f26a601000f7a3fbac092be1a3bec83743bd0b3a05881460888f67cfbfb45bd87a2756e06f6756fe80e2b244c

Download Submit
\Users\Admin\AppData\Local\Temp\5760965dbc491768599a0f4a300850b6.exe

Filesize
2.3MB

MD5
98d3eba28ad6d799e8f8a3eaa0641eef

SHA1
8af25134039740fa5c3a809fc7ca73bcdbc0afdb

SHA256
7defc05d616d9eb7d1db4e91038a4be9c21a5bdb9b8569af9b43c9ff29f16d3a

SHA512
bba621958a92d26cfb0029efded9569bfb4a9de3666fc1dd259a34c576d6557518c4a9fe2844dcd7fe2794e92c21b5b669bb254190455f5b50a2ef7f7ca889b8

Download Submit
memory/2316-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2316-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2316-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2316-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2316-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2316-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2480-2-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2480-15-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2480-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2480-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2480-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2480-31-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download