2a9ea8d5aef32276b31cd81d59eb9e82573f5d11d08442bb150b0ee8809b17a7

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58f7cca4132b606fd7bbfe36fa83c775.exe
Size

1.3MB
MD5

58f7cca4132b606fd7bbfe36fa83c775
SHA1

a2b0e9a63e2b5b470d204e58fea7c45f62993feb
SHA256

2a9ea8d5aef32276b31cd81d59eb9e82573f5d11d08442bb150b0ee8809b17a7
SHA512

30d5f6f4271f012d504705f389a783ffefae5afa840b9c119540d95802681433bb21ef9bdd442a129dd59f895e2901148833160f5e75fdc231b1c3abd8cbb88f
SSDEEP

24576:nsmSmTiluvKC+PUkqlT73Zz99iUP4N4ZdiZ+Zur2U9/9Us:nF2UkU+4ZdZZurpR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2384	58f7cca4132b606fd7bbfe36fa83c775.exe

Executes dropped EXE 1 IoCs

pid	Process
2384	58f7cca4132b606fd7bbfe36fa83c775.exe

Loads dropped DLL 1 IoCs

pid	Process
1940	58f7cca4132b606fd7bbfe36fa83c775.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1940-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012234-15.dat	upx
behavioral1/memory/2384-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012234-12.dat	upx
behavioral1/files/0x000b000000012234-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1940	58f7cca4132b606fd7bbfe36fa83c775.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1940	58f7cca4132b606fd7bbfe36fa83c775.exe
2384	58f7cca4132b606fd7bbfe36fa83c775.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2384	1940	58f7cca4132b606fd7bbfe36fa83c775.exe	28
PID 1940 wrote to memory of 2384	1940	58f7cca4132b606fd7bbfe36fa83c775.exe	28
PID 1940 wrote to memory of 2384	1940	58f7cca4132b606fd7bbfe36fa83c775.exe	28
PID 1940 wrote to memory of 2384	1940	58f7cca4132b606fd7bbfe36fa83c775.exe	28

C:\Users\Admin\AppData\Local\Temp\58f7cca4132b606fd7bbfe36fa83c775.exe
"C:\Users\Admin\AppData\Local\Temp\58f7cca4132b606fd7bbfe36fa83c775.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Users\Admin\AppData\Local\Temp\58f7cca4132b606fd7bbfe36fa83c775.exe
  C:\Users\Admin\AppData\Local\Temp\58f7cca4132b606fd7bbfe36fa83c775.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\58f7cca4132b606fd7bbfe36fa83c775.exe

Filesize
396KB

MD5
f171f5ee13fddb840f3a757735aa5b65

SHA1
ef4c30465210e4ae71f53544c8582b0d63cf814d

SHA256
cc9455438960ec82667274b89d185aa9bf9362afca1ff8419166d182df15a51e

SHA512
e7cda713f47eb26c00236fdcb60b8c11968ad302874d622be3798c4c2f23af0113b22e72556c618fa6027857f6b3e9aa763797f4638ba3b53a8ac8b55b435e79

Download Submit
C:\Users\Admin\AppData\Local\Temp\58f7cca4132b606fd7bbfe36fa83c775.exe

Filesize
253KB

MD5
174b82c5205f615511be839ee74cf404

SHA1
32ec45c34becbaab54e0260e050bc12294721ed5

SHA256
e8055ac3bbf3a2e31feddb85d623e17df185065e21fc14578825edd80357a2bf

SHA512
bda9977627d41ff31021c9220c7c24eb3322d02f4f3c72754fd9f85bef57aa8da5fc4197696d88a694b6bbb569025a9690265fddfc668f9da55734408b14d1a6

Download Submit
\Users\Admin\AppData\Local\Temp\58f7cca4132b606fd7bbfe36fa83c775.exe

Filesize
129KB

MD5
22ff7750d0365e39f49f4136d45e3dd7

SHA1
44732e5a95362373aa6b924ddd2e7d74ac766fee

SHA256
58ed6c2aee46d4f120acbeb6c8b64e99484821164836e1c4ade4d2ab85f74377

SHA512
af11c66e1d4960d21bfa3194d0cbb37b42c28582730c82eed71edc53d6d0504dcc355bdf1814cc4ab700804a39420a8eb08b0793442f97371746146384a819d7

Download Submit
memory/1940-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1940-3-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1940-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1940-14-0x00000000034C0000-0x00000000039A7000-memory.dmp

Filesize
4.9MB

Download
memory/1940-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1940-31-0x00000000034C0000-0x00000000039A7000-memory.dmp

Filesize
4.9MB

Download
memory/2384-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2384-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2384-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2384-25-0x0000000003400000-0x0000000003622000-memory.dmp

Filesize
2.1MB

Download
memory/2384-19-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2384-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download