a42459b2da65eb67e18f66289e7cfa028b544da5830b459f713c05aa11bd883a

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 12:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58ebf50b6d093039e46fd8ec0589827a.exe
Size

1.3MB
MD5

58ebf50b6d093039e46fd8ec0589827a
SHA1

1ecaecabd63e053586a8eb18fbd1e7badfd4e08d
SHA256

a42459b2da65eb67e18f66289e7cfa028b544da5830b459f713c05aa11bd883a
SHA512

da8eb86f34759a199b640631222d8368a791ae50c0aef7783637e0fbde0f50c3a80607fb99e11b9d591ae8fe7ed69af2f4d3293e66a0389d6ced5e22555a65a6
SSDEEP

24576:QuDigl7y8jsXv70Yr/feV+kU1ohQX/2WIZ77LjNwm+19qt2cWc:QuDigl7KXv7j/M1hQeWIRNwZ19qt2cp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2704	58ebf50b6d093039e46fd8ec0589827a.exe

Executes dropped EXE 1 IoCs

pid	Process
2704	58ebf50b6d093039e46fd8ec0589827a.exe

Loads dropped DLL 1 IoCs

pid	Process
2776	58ebf50b6d093039e46fd8ec0589827a.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2776-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2704-15-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012256-14.dat	upx
behavioral1/files/0x000c000000012256-12.dat	upx
behavioral1/files/0x000c000000012256-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2776	58ebf50b6d093039e46fd8ec0589827a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2776	58ebf50b6d093039e46fd8ec0589827a.exe
2704	58ebf50b6d093039e46fd8ec0589827a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2704	2776	58ebf50b6d093039e46fd8ec0589827a.exe	28
PID 2776 wrote to memory of 2704	2776	58ebf50b6d093039e46fd8ec0589827a.exe	28
PID 2776 wrote to memory of 2704	2776	58ebf50b6d093039e46fd8ec0589827a.exe	28
PID 2776 wrote to memory of 2704	2776	58ebf50b6d093039e46fd8ec0589827a.exe	28

C:\Users\Admin\AppData\Local\Temp\58ebf50b6d093039e46fd8ec0589827a.exe
"C:\Users\Admin\AppData\Local\Temp\58ebf50b6d093039e46fd8ec0589827a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Users\Admin\AppData\Local\Temp\58ebf50b6d093039e46fd8ec0589827a.exe
  C:\Users\Admin\AppData\Local\Temp\58ebf50b6d093039e46fd8ec0589827a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\58ebf50b6d093039e46fd8ec0589827a.exe

Filesize
188KB

MD5
042ac9ff18971dff7425a011de6996e2

SHA1
92b61725d88ac39ff64ac325fb045aea9ffec7fc

SHA256
aec90a3d6a62c9fec4ada1f18b3dd80a5bbadbf60461f907b4533fcef5318e41

SHA512
deda65cfb39245a1ae24d9698a5304348a24003a5c97104ad50d949f153d60dc2fb5b76514edfc9e9481b25d20e66104dd0953946903168b8fe7d5c51b6f42ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\58ebf50b6d093039e46fd8ec0589827a.exe

Filesize
203KB

MD5
e1faaaaf8f0ac4088eba57dd4c7bd048

SHA1
3a009c91c70ff553595736384cc9546c8fdb4e9e

SHA256
412ac1c25d28200d10e7fb1c696eee51f9b393452568ff1ddf0ae3e2aa5b9075

SHA512
de0a1ffb68e7cd017ea3d636c7be1ccd3d253253712e73fdef4901bfd190c45a937212f2ad3fc49642a329d9571ec2fcc29438bda28cf487f082127a5a9c3004

Download Submit
\Users\Admin\AppData\Local\Temp\58ebf50b6d093039e46fd8ec0589827a.exe

Filesize
1.3MB

MD5
43f3023531059b6a8d76c4c5bceed581

SHA1
201e5f60e1ffeb8d94ff8b61ed905125145aaaa6

SHA256
cf486af4af492c8fe6a1d30aa236709c20a240b8d62d2268d5e6fe51660f29b4

SHA512
6901c80b4e5c37fe0a1cd7e9c22da88657e89d7dd1160382160bad7a858ef33b213291dee43b48907c2b0a44bd7123a546ad543cdc28408d609966bbe9cfe3c1

Download Submit
memory/2704-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2704-17-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/2704-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2704-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2704-23-0x0000000003520000-0x000000000374A000-memory.dmp

Filesize
2.2MB

Download
memory/2704-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2776-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2776-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2776-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2776-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download