2f0049d5f00318c3c1621fc94fc6bd2048d5a0b298bb5917afb61e644f40c473

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a2f31e3a773d48036f8679580fb49f3.exe
Size

2.9MB
MD5

5a2f31e3a773d48036f8679580fb49f3
SHA1

d73bee7c465c480eb623ab439dfa05d5808f4e55
SHA256

2f0049d5f00318c3c1621fc94fc6bd2048d5a0b298bb5917afb61e644f40c473
SHA512

5db1da39b95553e3589275867dcdd44cefb9a7284019643a45a097d64f38cbb4da85a7a59b4fde5ef414374fe75b02fc618b49ff01c21b968064e14be23ef7ad
SSDEEP

49152:QcEuqR8kPm+ZNN5wgd7Vu+0OVCsKGi9s5K3P4M338dB2IBlGuuDVUsdxxjeQZwxs:QckR8ke+ZN/wge+0OCT/gg3gnl/IVUsn

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2520	5a2f31e3a773d48036f8679580fb49f3.exe

Executes dropped EXE 1 IoCs

pid	Process
2520	5a2f31e3a773d48036f8679580fb49f3.exe

Loads dropped DLL 1 IoCs

pid	Process
2672	5a2f31e3a773d48036f8679580fb49f3.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2672-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000012246-12.dat	upx
behavioral1/files/0x000d000000012246-13.dat	upx
behavioral1/files/0x000d000000012246-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2672	5a2f31e3a773d48036f8679580fb49f3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2672	5a2f31e3a773d48036f8679580fb49f3.exe
2520	5a2f31e3a773d48036f8679580fb49f3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2520	2672	5a2f31e3a773d48036f8679580fb49f3.exe	23
PID 2672 wrote to memory of 2520	2672	5a2f31e3a773d48036f8679580fb49f3.exe	23
PID 2672 wrote to memory of 2520	2672	5a2f31e3a773d48036f8679580fb49f3.exe	23
PID 2672 wrote to memory of 2520	2672	5a2f31e3a773d48036f8679580fb49f3.exe	23

C:\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe
"C:\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe
  C:\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe

Filesize
173KB

MD5
e07e9ea7694ceee851a75ad85d29fd41

SHA1
2decf4a06ea161a0a39e3f943c8658ad118cc680

SHA256
ffeecc04bb3d35986d2acd7bf7572ac320b4ce33b248f3a98bc0d7444ee9d9cc

SHA512
367f5e0e42a6e5b3e2241e26a95b69304f9d83ac0ea71e7544f6bf5c5d02a81a7001b0c7c4bddfafe2103fb0a3c28637e9b5469bce9e188202118bf9427e94c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe

Filesize
149KB

MD5
41898d8a60cdd58a7598caac5e417326

SHA1
5508bcc5271923299bbfc5ce25106efc5ea3d521

SHA256
a979a54d854e7e452708f02cbcb3003caa97e9fd5ab6c26d891b7b8c47ca7694

SHA512
c8f0fb3ae097ab2080cd9e6cf7340d01eea702dec5a946d33b9107de9a149b0e557dda632aa1fc8d560caf29c8728a197349b88c7bcdaf6b6c33f31288a75353

Download Submit
\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe

Filesize
264KB

MD5
6a66700f0a9970f51dee5fca41bf237a

SHA1
b5c0d0d409cdcd430cab0a3316b4bf61c82288ff

SHA256
73b48cda1c91dbac8b75b3f008366dd9ff0ffdd0abe4fd160a484352e3535fd4

SHA512
3e35ceab876d96593d8094cd305944c09c47eda751ec209e81c541ca4f2e22528b02068fd97d47c3feb4186462f0fc3400ea330bc20ec5741c0f529b2159c434

Download Submit
memory/2520-17-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2520-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2520-23-0x00000000034E0000-0x000000000370A000-memory.dmp

Filesize
2.2MB

Download
memory/2520-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2520-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2672-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2672-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2672-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2672-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2672-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2672-30-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download