deb12ee542e8ee85256f476c60031ce04b26d884481b9be3df4479128516df1f

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59d9d3426c38f1cff329800a24cc5430.exe
Size

3.9MB
MD5

59d9d3426c38f1cff329800a24cc5430
SHA1

671254f127858e9c7ff714b4cb12f8c0b8e691a6
SHA256

deb12ee542e8ee85256f476c60031ce04b26d884481b9be3df4479128516df1f
SHA512

b6295a13ede87063e61fce071b288b85d469f81742ab5f70a85499503e5284b618c099dbdf1c0bb7b588e13af56eb1dafeffa55a85e5439c4ab939aa5e707960
SSDEEP

98304:R7kcUldE1UPbMcWEWzvgg3gnl/IVUt4pJWzZtIygg3gnl/IVUV:VkcUldBYjgl/iwgWttJgl/iG

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3032	59d9d3426c38f1cff329800a24cc5430.exe

Executes dropped EXE 1 IoCs

pid	Process
3032	59d9d3426c38f1cff329800a24cc5430.exe

Loads dropped DLL 1 IoCs

pid	Process
1588	59d9d3426c38f1cff329800a24cc5430.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1588-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000900000001225c-10.dat	upx
behavioral1/files/0x000900000001225c-14.dat	upx
behavioral1/memory/3032-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1588	59d9d3426c38f1cff329800a24cc5430.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1588	59d9d3426c38f1cff329800a24cc5430.exe
3032	59d9d3426c38f1cff329800a24cc5430.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 3032	1588	59d9d3426c38f1cff329800a24cc5430.exe	28
PID 1588 wrote to memory of 3032	1588	59d9d3426c38f1cff329800a24cc5430.exe	28
PID 1588 wrote to memory of 3032	1588	59d9d3426c38f1cff329800a24cc5430.exe	28
PID 1588 wrote to memory of 3032	1588	59d9d3426c38f1cff329800a24cc5430.exe	28

C:\Users\Admin\AppData\Local\Temp\59d9d3426c38f1cff329800a24cc5430.exe
"C:\Users\Admin\AppData\Local\Temp\59d9d3426c38f1cff329800a24cc5430.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Users\Admin\AppData\Local\Temp\59d9d3426c38f1cff329800a24cc5430.exe
  C:\Users\Admin\AppData\Local\Temp\59d9d3426c38f1cff329800a24cc5430.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\59d9d3426c38f1cff329800a24cc5430.exe

Filesize
1.1MB

MD5
8993d6d03b1cb10e7a2db3da51f7853d

SHA1
fb7e23e9854965bcccb298ce8e4a68e2de4d18f1

SHA256
779db18adc37f409674b8a065838e53442af85321c05f48cfbe50296fa3eb5bd

SHA512
0de33e8072f5bd1abfa099babcecd10ee82d8ac92ca9bd69c98e25c01eb48001354e9bb7726d125f75f9bb493219c4184f7b7e2957678cc7e2ed5e0fe45b4b0a

Download Submit
\Users\Admin\AppData\Local\Temp\59d9d3426c38f1cff329800a24cc5430.exe

Filesize
1.2MB

MD5
60413fcbff4e5c14ccc87e5f9039fd54

SHA1
c48001899c9556aa7abf876fd4964e233c0aac73

SHA256
bb1dcfe6a105444e3ac71dfb1c71598383a7a168a2afe4526aa64c104a5143fb

SHA512
13fb3ab00d5f529db4770b1208a450e07f45d0aa6e084e7627bf0f55d11bd57d270aec88a91b1ed43b8fee1902dbf028c21772716af5a2a0aadf5ae4f196ad45

Download Submit
memory/1588-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1588-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1588-15-0x00000000039F0000-0x0000000003EDF000-memory.dmp

Filesize
4.9MB

Download
memory/1588-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1588-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1588-31-0x00000000039F0000-0x0000000003EDF000-memory.dmp

Filesize
4.9MB

Download
memory/3032-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3032-17-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/3032-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3032-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3032-25-0x0000000003690000-0x00000000038BA000-memory.dmp

Filesize
2.2MB

Download
memory/3032-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download