4060dff940876d5960d82b6afbb894b4069f899831d387b5d7a8eea110953073

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5818e3a117f67d417e0ad960a54f81fe.exe
Size

5.8MB
MD5

5818e3a117f67d417e0ad960a54f81fe
SHA1

a27529a097502a91e08f9ce9960d2b7c3e5d10e0
SHA256

4060dff940876d5960d82b6afbb894b4069f899831d387b5d7a8eea110953073
SHA512

abcfcbffef2b69dc4f2a932fe627466864c23c795f53a71486d64d09e56388cb8902a3d8a7d7b98049e657a44e5f7db05a791d7f3233aeae3a2784072156c264
SSDEEP

98304:mx7MTvpoqjlk+jeGvHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwv:mx7MTvpoqa+5auq1jI86FA7y2auq1jIH

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2732	5818e3a117f67d417e0ad960a54f81fe.exe

Executes dropped EXE 1 IoCs

pid	Process
2732	5818e3a117f67d417e0ad960a54f81fe.exe

Loads dropped DLL 1 IoCs

pid	Process
2280	5818e3a117f67d417e0ad960a54f81fe.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2280-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012252-10.dat	upx
behavioral1/files/0x000b000000012252-12.dat	upx
behavioral1/files/0x000b000000012252-14.dat	upx
behavioral1/memory/2280-15-0x0000000003EC0000-0x00000000043AF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2280	5818e3a117f67d417e0ad960a54f81fe.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2280	5818e3a117f67d417e0ad960a54f81fe.exe
2732	5818e3a117f67d417e0ad960a54f81fe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2732	2280	5818e3a117f67d417e0ad960a54f81fe.exe	28
PID 2280 wrote to memory of 2732	2280	5818e3a117f67d417e0ad960a54f81fe.exe	28
PID 2280 wrote to memory of 2732	2280	5818e3a117f67d417e0ad960a54f81fe.exe	28
PID 2280 wrote to memory of 2732	2280	5818e3a117f67d417e0ad960a54f81fe.exe	28

C:\Users\Admin\AppData\Local\Temp\5818e3a117f67d417e0ad960a54f81fe.exe
"C:\Users\Admin\AppData\Local\Temp\5818e3a117f67d417e0ad960a54f81fe.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\5818e3a117f67d417e0ad960a54f81fe.exe
  C:\Users\Admin\AppData\Local\Temp\5818e3a117f67d417e0ad960a54f81fe.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5818e3a117f67d417e0ad960a54f81fe.exe

Filesize
1.8MB

MD5
b2ee4ad289191954c49042127c650912

SHA1
1d87ddbf00e42d28f0ff9abc5eb5ae1fcaf596cf

SHA256
09946263cfc65a21ea210bfae0c761263315382031ffe6af009d921f1b49e3ef

SHA512
24eb2fe8c1f3c11721ce0007e3ce6eca951fd5b442b178309809a634bef57369638e53e7ced73a48069b9b9d074819231d42dc18ccc37ab89e88a5f4f25d257c

Download Submit
C:\Users\Admin\AppData\Local\Temp\5818e3a117f67d417e0ad960a54f81fe.exe

Filesize
1.6MB

MD5
28a7c3c673868fe24d04b3da9ff9b582

SHA1
ed19798108cef80d398349310417920c4831965a

SHA256
d2ddf2dc52f53ba86d9dd265ea1341fc190b3e90a02611b120d32734b7f8d406

SHA512
6d04e13775a6817de654d12a7b94cc07f12c3d371abf7649e84dcdbe61ff0aaa456ecccdeeab179c318bfb74073d87fe715d50eed75414093546e49b4bda0192

Download Submit
\Users\Admin\AppData\Local\Temp\5818e3a117f67d417e0ad960a54f81fe.exe

Filesize
1.4MB

MD5
0c85e5255e8db9d20cd074c1f6b6f487

SHA1
8717f1c88ce22f429993e47e05bc0cf279a6052c

SHA256
3d04722d4125c58dd55c20e6be8b025c4a12b463f5ae936d82705864335aea12

SHA512
f30c4420ccfdec0347f483875eed3b465d6812b62e3cc7091d13a056c9ad0c41022dd1c3757882c988add7d9594fab94106d647d73e8f7fbc419b21af259f338

Download Submit
memory/2280-15-0x0000000003EC0000-0x00000000043AF000-memory.dmp

Filesize
4.9MB

Download
memory/2280-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2280-1-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2280-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2280-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2732-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2732-18-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/2732-21-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2732-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2732-25-0x0000000003510000-0x000000000373A000-memory.dmp

Filesize
2.2MB

Download
memory/2732-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download