d46b7519480fd60331e5c7323616af272aeab058376f6aa1887d8b43ad09a672

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 01:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59e49e3b038607a14661ac42049e6519.exe
Size

1.3MB
MD5

59e49e3b038607a14661ac42049e6519
SHA1

9e1e61938de8e990ab08f554556f741b564ce881
SHA256

d46b7519480fd60331e5c7323616af272aeab058376f6aa1887d8b43ad09a672
SHA512

39fd896fe5182f9533136f1a0627c1b421661ab2353f763f59fed97029fe136dc6a988f83c0881452284bf385c15e72b3b1ae14e77e73fd4d9a62e26ab3a8dbb
SSDEEP

24576:wO6/42tHC+eKseqqV9iXn8CYjOgcybsPfceRZj0dbFxMR5lb5WO:wO0tHC1KH/WGzcybmfce7jSW5f

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1844	59e49e3b038607a14661ac42049e6519.exe

Executes dropped EXE 1 IoCs

pid	Process
1844	59e49e3b038607a14661ac42049e6519.exe

Loads dropped DLL 1 IoCs

pid	Process
944	59e49e3b038607a14661ac42049e6519.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/944-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d0000000122a8-15.dat	upx
behavioral1/memory/1844-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d0000000122a8-12.dat	upx
behavioral1/files/0x000d0000000122a8-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
944	59e49e3b038607a14661ac42049e6519.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
944	59e49e3b038607a14661ac42049e6519.exe
1844	59e49e3b038607a14661ac42049e6519.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 1844	944	59e49e3b038607a14661ac42049e6519.exe	28
PID 944 wrote to memory of 1844	944	59e49e3b038607a14661ac42049e6519.exe	28
PID 944 wrote to memory of 1844	944	59e49e3b038607a14661ac42049e6519.exe	28
PID 944 wrote to memory of 1844	944	59e49e3b038607a14661ac42049e6519.exe	28

C:\Users\Admin\AppData\Local\Temp\59e49e3b038607a14661ac42049e6519.exe
"C:\Users\Admin\AppData\Local\Temp\59e49e3b038607a14661ac42049e6519.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:944
- C:\Users\Admin\AppData\Local\Temp\59e49e3b038607a14661ac42049e6519.exe
  C:\Users\Admin\AppData\Local\Temp\59e49e3b038607a14661ac42049e6519.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\59e49e3b038607a14661ac42049e6519.exe

Filesize
337KB

MD5
441c45643eef64f05dbcfb11735c3d03

SHA1
8d99b6120a7e2be51025172affeddfd5ea980175

SHA256
8d02837ac0079c6380802f4ceb8aa712eae2b761488d7ab70e1ca2d6b9b0f1fa

SHA512
789fa3fef1e5dbaa12f6e7c5d4fa830acf4187ff58ebf929dbe002e0e79e65ddcfd8e37d7a66ce522f2444303f9894b89034b0312aa0872104d9a19a7de03697

Download Submit
C:\Users\Admin\AppData\Local\Temp\59e49e3b038607a14661ac42049e6519.exe

Filesize
413KB

MD5
51818fff8cd83a3e662f01128f43c11d

SHA1
a1620da0f8e10e83fa07173a50e6c3e429240146

SHA256
c795e8494596b3f4ab3781c75bbf7150b754b69e6b5ed6fa07fe27911478f572

SHA512
5249e9274e649f313e7264f6378f90e0f56481d75cf9d27e30634ce6e59fb8e2e0888010078d2e5dc7edfa7807b639e25739852f174cc00cef4bb4615199732e

Download Submit
\Users\Admin\AppData\Local\Temp\59e49e3b038607a14661ac42049e6519.exe

Filesize
349KB

MD5
f63d38c2308a576dd83b81ead6085a4f

SHA1
a59c78e1c1a2b19caf9faee268bf07500e5971ed

SHA256
546e1c7064b8688e5e761ddb4fa6645da128e7fa31c6d13b83763272e2ab6d46

SHA512
c4d7252fe77d03e0350367b211131b0315520e3f6793091165baf0316d3fb51e577ac99a84153daf5c6e3fda082dfc4b7d1f2c4e1c1b11e6c2a74ca58a720654

Download Submit
memory/944-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/944-1-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/944-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/944-14-0x00000000034C0000-0x00000000039AF000-memory.dmp

Filesize
4.9MB

Download
memory/944-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1844-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1844-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1844-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1844-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1844-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1844-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download