424d256feb47111e694ca7d64c052406e8309cd4abfc916a3f6fe671d3cd1c30

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

578aa29e426d3ae376f524ef47e90430.exe
Size

1.6MB
MD5

578aa29e426d3ae376f524ef47e90430
SHA1

699a15a716e31912891bf9831864e1a0a7b5a541
SHA256

424d256feb47111e694ca7d64c052406e8309cd4abfc916a3f6fe671d3cd1c30
SHA512

45df8360029e9884681dd0dcb9b9715394c2e15ab2632ce398af7263c0dad8719bc604466f6ffc1db716e2bfce220a5ad1639c4af24a89e6874cbcdda411afe6
SSDEEP

24576:vFuVCIqyWhRg8GVUNVvxHAlDq6WFbPKGuvt2kTzfaZ49LyNOw87V3f5SBiWWI0td:vFuVUhnhXxLvRusAw2QsWP4d

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2992	578aa29e426d3ae376f524ef47e90430.exe

Executes dropped EXE 1 IoCs

pid	Process
2992	578aa29e426d3ae376f524ef47e90430.exe

Loads dropped DLL 1 IoCs

pid	Process
2968	578aa29e426d3ae376f524ef47e90430.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2968-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000015df1-12.dat	upx
behavioral1/memory/2968-13-0x0000000003550000-0x0000000003A3F000-memory.dmp	upx
behavioral1/files/0x000b000000015df1-15.dat	upx
behavioral1/files/0x000b000000015df1-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2968	578aa29e426d3ae376f524ef47e90430.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2968	578aa29e426d3ae376f524ef47e90430.exe
2992	578aa29e426d3ae376f524ef47e90430.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 2992	2968	578aa29e426d3ae376f524ef47e90430.exe	20
PID 2968 wrote to memory of 2992	2968	578aa29e426d3ae376f524ef47e90430.exe	20
PID 2968 wrote to memory of 2992	2968	578aa29e426d3ae376f524ef47e90430.exe	20
PID 2968 wrote to memory of 2992	2968	578aa29e426d3ae376f524ef47e90430.exe	20

C:\Users\Admin\AppData\Local\Temp\578aa29e426d3ae376f524ef47e90430.exe
"C:\Users\Admin\AppData\Local\Temp\578aa29e426d3ae376f524ef47e90430.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Users\Admin\AppData\Local\Temp\578aa29e426d3ae376f524ef47e90430.exe
  C:\Users\Admin\AppData\Local\Temp\578aa29e426d3ae376f524ef47e90430.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\578aa29e426d3ae376f524ef47e90430.exe

Filesize
233KB

MD5
0b9afaba501a078afb9d7583149663e4

SHA1
4f0943edffc1d224d6ecf2a593eccac1a1523cb1

SHA256
fbf2fee00b89212ae8b3fd7d6eb486cd86f9c90ce4d66631ba0cb1c3c1165959

SHA512
3dae02eb4d829692dbf33d1b07b0ff1d8e88941b59960a33fa619e14cf93f6fae20a6462a001ee2c24b0435e4f28a0d22317b85d36665137b8b80b68fd873174

Download Submit
C:\Users\Admin\AppData\Local\Temp\578aa29e426d3ae376f524ef47e90430.exe

Filesize
353KB

MD5
60cc4a80522eb146ec046f00a0a91654

SHA1
3b115f01a56b3971ff1042fca17694b80eae2268

SHA256
b8459e53456419fe9d12fca8aaf0bf53c9dab2fc5f8fc8a65dbd59f9e2e8bd28

SHA512
5e4e925f1daf0906091b7fa33dad6fe5b98900c5462f82c53182ef22860f898f5eb05777202960750936c1f49c8151b89c8a8b2c55bfb38e0bacaa7f8ae6d402

Download Submit
\Users\Admin\AppData\Local\Temp\578aa29e426d3ae376f524ef47e90430.exe

Filesize
159KB

MD5
45d6548dc1d5f3532767822ed0d700e5

SHA1
596fb06d93ed8787cfa8924bf07f114320e140c1

SHA256
f3e30f780ce47434ca52d747214e9f6dfd283ed6c8f9d0dbadf1bfee49322c89

SHA512
0f658db5b5770d3d62c17ee4931977e5b855773407599c31f401e35b3bc954704d39896a446e7a51cd20484d02897bd97b741199f5fabcd31fa19d673cb41144

Download Submit
memory/2968-13-0x0000000003550000-0x0000000003A3F000-memory.dmp

Filesize
4.9MB

Download
memory/2968-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2968-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2968-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2968-31-0x0000000003550000-0x0000000003A3F000-memory.dmp

Filesize
4.9MB

Download
memory/2968-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2992-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2992-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2992-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2992-24-0x00000000034D0000-0x00000000036FA000-memory.dmp

Filesize
2.2MB

Download
memory/2992-19-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/2992-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download