1dba3997a0115bdabb78491a2e30bd1b876ba5847a316a664e17c886c33e623b

Analysis

max time kernel
119s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 07:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a9b086b6dccfe39d06061358a13f113.exe
Size

5.8MB
MD5

5a9b086b6dccfe39d06061358a13f113
SHA1

6540a09fd58a323fc603af7db3a77b5992973fe2
SHA256

1dba3997a0115bdabb78491a2e30bd1b876ba5847a316a664e17c886c33e623b
SHA512

42561856442f0e45f237e02704255755ce284c68e2da5cf572a8c1d73256fde4e354b8a7b2f5afe8a3167e1aa3b47408fd6c64e913d4433f33dcdf3ddc15ca16
SSDEEP

98304:3ULWVNkD68gnw4Pop4HBUCczzM3ckpB/Bdl7D8PhIw2AVL4HBUCczzM3:A+Ignw4PoKWCQK/B7D8PhVVEWC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1248	5a9b086b6dccfe39d06061358a13f113.exe

Executes dropped EXE 1 IoCs

pid	Process
1248	5a9b086b6dccfe39d06061358a13f113.exe

Loads dropped DLL 1 IoCs

pid	Process
1620	5a9b086b6dccfe39d06061358a13f113.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1620-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001225d-10.dat	upx
behavioral1/files/0x000b00000001225d-15.dat	upx
behavioral1/memory/1248-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1620	5a9b086b6dccfe39d06061358a13f113.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1620	5a9b086b6dccfe39d06061358a13f113.exe
1248	5a9b086b6dccfe39d06061358a13f113.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 1248	1620	5a9b086b6dccfe39d06061358a13f113.exe	28
PID 1620 wrote to memory of 1248	1620	5a9b086b6dccfe39d06061358a13f113.exe	28
PID 1620 wrote to memory of 1248	1620	5a9b086b6dccfe39d06061358a13f113.exe	28
PID 1620 wrote to memory of 1248	1620	5a9b086b6dccfe39d06061358a13f113.exe	28

C:\Users\Admin\AppData\Local\Temp\5a9b086b6dccfe39d06061358a13f113.exe
"C:\Users\Admin\AppData\Local\Temp\5a9b086b6dccfe39d06061358a13f113.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Users\Admin\AppData\Local\Temp\5a9b086b6dccfe39d06061358a13f113.exe
  C:\Users\Admin\AppData\Local\Temp\5a9b086b6dccfe39d06061358a13f113.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5a9b086b6dccfe39d06061358a13f113.exe

Filesize
61KB

MD5
fe1f93f1d17c44ddc7288eb37c0fd041

SHA1
2033f901a4df0616fd7f469db6579f22a4c8e1ff

SHA256
7960f773063a3dc503b8ce4cf99868e653c705a7eca4865c3afe670b2e45e5a8

SHA512
e2b98ce093e30204f6b1f423ea71cbba1a1da7a4bba3efa06ce49cdae30e43eeb62db27a7fe3511faf9ba3546da31deb7c52ccc8b0f971fd449bd5baa3e464ea

Download Submit
\Users\Admin\AppData\Local\Temp\5a9b086b6dccfe39d06061358a13f113.exe

Filesize
60KB

MD5
eac0c39429341471afc49e5500decfb9

SHA1
b4c76991501d20ee543fac0390f4f50914bece51

SHA256
e1ee85b1fc147d5355d5e47b6fe2ec5ea3f792cf5ac0e3b5266e1e8d1e69117e

SHA512
670b62b87d655b7148a68ef8fad2212481043c7f683350ff6ed35a9c9dd63624de0198a47d5d3df8decef0505ce3e569bfc8f6e86dd4359325655ec9085a97c9

Download Submit
memory/1248-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1248-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1248-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1248-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1248-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1248-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1620-3-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/1620-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1620-14-0x0000000003EC0000-0x00000000043AF000-memory.dmp

Filesize
4.9MB

Download
memory/1620-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1620-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download