83ee88911975857a45086f012084f2a18f53da879637d76351378022c6d2d0b0

Analysis

max time kernel
119s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a0ee1258594bf2a1d6a6fa45caa29c7.exe
Size

1.5MB
MD5

5a0ee1258594bf2a1d6a6fa45caa29c7
SHA1

3a1c7abd5a9d25f36233c452c623eb512239a961
SHA256

83ee88911975857a45086f012084f2a18f53da879637d76351378022c6d2d0b0
SHA512

f475a8c2199714349f896b4fcc54037fae84c1da3cb03a01b744fd140f122e7df06064843ccb49cffc1453bfab9ff7146e945b02a043120c073fbe32830a2b73
SSDEEP

24576:UOZ/deb3Ws1rJ1kTEOm20mmaXx1FHkzl/YQk5Jg+mPeNLxEiVhEXr1RlSujMW:ngrdJOT7Ql/ReN1K/AF

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2332	5a0ee1258594bf2a1d6a6fa45caa29c7.exe

Executes dropped EXE 1 IoCs

pid	Process
2332	5a0ee1258594bf2a1d6a6fa45caa29c7.exe

Loads dropped DLL 1 IoCs

pid	Process
2176	5a0ee1258594bf2a1d6a6fa45caa29c7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2176-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012263-10.dat	upx
behavioral1/files/0x0009000000012263-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2176	5a0ee1258594bf2a1d6a6fa45caa29c7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2176	5a0ee1258594bf2a1d6a6fa45caa29c7.exe
2332	5a0ee1258594bf2a1d6a6fa45caa29c7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2332	2176	5a0ee1258594bf2a1d6a6fa45caa29c7.exe	27
PID 2176 wrote to memory of 2332	2176	5a0ee1258594bf2a1d6a6fa45caa29c7.exe	27
PID 2176 wrote to memory of 2332	2176	5a0ee1258594bf2a1d6a6fa45caa29c7.exe	27
PID 2176 wrote to memory of 2332	2176	5a0ee1258594bf2a1d6a6fa45caa29c7.exe	27

C:\Users\Admin\AppData\Local\Temp\5a0ee1258594bf2a1d6a6fa45caa29c7.exe
"C:\Users\Admin\AppData\Local\Temp\5a0ee1258594bf2a1d6a6fa45caa29c7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\5a0ee1258594bf2a1d6a6fa45caa29c7.exe
  C:\Users\Admin\AppData\Local\Temp\5a0ee1258594bf2a1d6a6fa45caa29c7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5a0ee1258594bf2a1d6a6fa45caa29c7.exe

Filesize
707KB

MD5
0552ad375fc37144c3756dddcc0291aa

SHA1
c46c254a42a907e0d6294eb7557303cd08d34a20

SHA256
32fd061f2676ffcc051867c65cd8af6d8014ea22b55552cf06a96d18b6aeac99

SHA512
3a18c52f6c6f82ad8b0adfe9f0e45a79d02179d768d3a15d9797be08d9187ee35ed1217c6725ee9a1a92e4a4c9103052f2a06e907ea74c72530811aa0c2151e6

Download Submit
\Users\Admin\AppData\Local\Temp\5a0ee1258594bf2a1d6a6fa45caa29c7.exe

Filesize
741KB

MD5
3fca758f696c7e48cdc3c3b87ab08cbe

SHA1
2d6e01c2e280385d50efebbe9152b55ae1276acb

SHA256
79d69d98247226ff496cd0c89983f4bc6d506748520e1b60cd9b994fc1217834

SHA512
c68ed8892d80b225d06e3c551651d47c8e6fbbaae0cbf89af1a928e249ebd49fd5c693854727d85e620bafd276d04f9af279189d8a97d8fc579534bf9ba7d433

Download Submit
memory/2176-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2176-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2176-16-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2176-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2176-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2176-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2332-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2332-20-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2332-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2332-25-0x0000000003400000-0x000000000362A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download