87fd00cb61eda7589911d1fc10a48bd448ad132f224496148cb45f5d984cde45

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 22:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

598690b391ee41275e4b74cf489957d6.exe
Size

2.9MB
MD5

598690b391ee41275e4b74cf489957d6
SHA1

583ff0ea506a13a284c663b5269f883adcf18d28
SHA256

87fd00cb61eda7589911d1fc10a48bd448ad132f224496148cb45f5d984cde45
SHA512

dc7d926325520b7917575858d6521a7e77fa006ab543687929e631a02e135cc98caba64791d643e95c06749a11cf921f68426f775f538f0158c1a7ea3cb5d4a1
SSDEEP

49152:nCqkz4CTzRfksrxSRoPuYJzHvOOQbFlcWP4M338dB2IBlGuuDVUsdxxjeQZwxPY1:dU4KzRM8WoGKiOQJlcWgg3gnl/IVUs1h

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2116	598690b391ee41275e4b74cf489957d6.exe

Executes dropped EXE 1 IoCs

pid	Process
2116	598690b391ee41275e4b74cf489957d6.exe

Loads dropped DLL 1 IoCs

pid	Process
2104	598690b391ee41275e4b74cf489957d6.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2104-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001225f-15.dat	upx
behavioral1/memory/2116-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001225f-12.dat	upx
behavioral1/files/0x000b00000001225f-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2104	598690b391ee41275e4b74cf489957d6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2104	598690b391ee41275e4b74cf489957d6.exe
2116	598690b391ee41275e4b74cf489957d6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2116	2104	598690b391ee41275e4b74cf489957d6.exe	28
PID 2104 wrote to memory of 2116	2104	598690b391ee41275e4b74cf489957d6.exe	28
PID 2104 wrote to memory of 2116	2104	598690b391ee41275e4b74cf489957d6.exe	28
PID 2104 wrote to memory of 2116	2104	598690b391ee41275e4b74cf489957d6.exe	28

C:\Users\Admin\AppData\Local\Temp\598690b391ee41275e4b74cf489957d6.exe
"C:\Users\Admin\AppData\Local\Temp\598690b391ee41275e4b74cf489957d6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\598690b391ee41275e4b74cf489957d6.exe
  C:\Users\Admin\AppData\Local\Temp\598690b391ee41275e4b74cf489957d6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\598690b391ee41275e4b74cf489957d6.exe

Filesize
447KB

MD5
b0b25c1ee6494f32d2e0759ea4907d77

SHA1
6f3da206d0de3e8cc9f4389e94ed40b606a1db5e

SHA256
b9d59dabcb0532be00bb0ab9bd73a7f1c21c19faa146ed52492551cb00fb81be

SHA512
45fe0654ada1dbbfdc51804fb805495695aef2ba7f331bb2d7ba04fe6f0f30aac8a246526eb4afd8e4d3af5b44cb950b377f1c38ec91a917003badf27cc4feb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\598690b391ee41275e4b74cf489957d6.exe

Filesize
215KB

MD5
7c6113ce05b68063d9544ba8d9ebbd2b

SHA1
2d89e6a9a8a31cab67d2280f672e4b0ef7ca485c

SHA256
c912b9b980555dcdb1861c4abd6c9ea1693ad6195ca0f3d70584c42dba73053a

SHA512
684e0095890188fff19253767bd6904c5672e576a597e59b9d6e20be21e1eec6a78843dbf5a0aca9f0d1ba412d01bf4c4947c8cf48773b07324ac2c2a6b49c13

Download Submit
\Users\Admin\AppData\Local\Temp\598690b391ee41275e4b74cf489957d6.exe

Filesize
399KB

MD5
b91c7321c4f8c7ed80738c118c3f8d15

SHA1
5903ddd942af52564cf4b32f080a72610d0f86d6

SHA256
7253748e0c60cc74180b0d37c80177c6054370f0b0895380ba142de1bef20c90

SHA512
d21f5e663897b7a4e2681cde340cc78b23a6a1dfef08bcd1e85298d5a2996fc214a743b3d42ed105e7817e3cd36932d505825a0452a7e0f1e7ef5b21d71ef4f2

Download Submit
memory/2104-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2104-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2104-14-0x0000000003980000-0x0000000003E6F000-memory.dmp

Filesize
4.9MB

Download
memory/2104-1-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2104-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2104-31-0x0000000003980000-0x0000000003E6F000-memory.dmp

Filesize
4.9MB

Download
memory/2116-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2116-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2116-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2116-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2116-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2116-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download