1c66c9e931f5d387fd8d68b1d4327891d5f7da3cc71d7464123680ebd28d18e6

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 10:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5afcebb679247caaeeae4f1891e76952.exe
Size

1.3MB
MD5

5afcebb679247caaeeae4f1891e76952
SHA1

0ba281d487d76f4b667ceb32c1f334aece831377
SHA256

1c66c9e931f5d387fd8d68b1d4327891d5f7da3cc71d7464123680ebd28d18e6
SHA512

bf0fc1a9bffca522d9ba9f623af0083edef69f25a7b7c9acf8886a8476f8d33165e01f7a391a77d6cd141be476c48ccff14b8d4c1e83b46ccef4c6836f8d9ebc
SSDEEP

24576:D5mfRVDp7TuVerkYdgAkQ/DHwi5v50KIEjJhAD9PB7YAJwlyvG:gZVDFgGkYdTLHH5eKrJQtiYw

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2788	5afcebb679247caaeeae4f1891e76952.exe

Executes dropped EXE 1 IoCs

pid	Process
2788	5afcebb679247caaeeae4f1891e76952.exe

Loads dropped DLL 1 IoCs

pid	Process
2056	5afcebb679247caaeeae4f1891e76952.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2056-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a00000001225a-11.dat	upx
behavioral1/files/0x000a00000001225a-16.dat	upx
behavioral1/memory/2056-15-0x0000000003510000-0x000000000397A000-memory.dmp	upx
behavioral1/memory/2788-18-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a00000001225a-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2056	5afcebb679247caaeeae4f1891e76952.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2056	5afcebb679247caaeeae4f1891e76952.exe
2788	5afcebb679247caaeeae4f1891e76952.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2788	2056	5afcebb679247caaeeae4f1891e76952.exe	28
PID 2056 wrote to memory of 2788	2056	5afcebb679247caaeeae4f1891e76952.exe	28
PID 2056 wrote to memory of 2788	2056	5afcebb679247caaeeae4f1891e76952.exe	28
PID 2056 wrote to memory of 2788	2056	5afcebb679247caaeeae4f1891e76952.exe	28

C:\Users\Admin\AppData\Local\Temp\5afcebb679247caaeeae4f1891e76952.exe
"C:\Users\Admin\AppData\Local\Temp\5afcebb679247caaeeae4f1891e76952.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Users\Admin\AppData\Local\Temp\5afcebb679247caaeeae4f1891e76952.exe
  C:\Users\Admin\AppData\Local\Temp\5afcebb679247caaeeae4f1891e76952.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5afcebb679247caaeeae4f1891e76952.exe

Filesize
234KB

MD5
af24ab7f4082ae93b4319cec066c35ff

SHA1
8b05e0bf89ed6867eaac9f6061504cc9fd8e99d9

SHA256
b930221e20a426a2555f432a1a3260efe04e3acc921bfa922a0ab23141b51d6c

SHA512
62dd188d78abb3494c25e864242a60b4aab89e7c28be7da5ba471b4b5636605498ff7c5cbcc71f50d554e14afd07de1d43199323d9433ab7b1a073d7c1f2505c

Download Submit
C:\Users\Admin\AppData\Local\Temp\5afcebb679247caaeeae4f1891e76952.exe

Filesize
207KB

MD5
a7c4d13c8164629f0f7e92c3dd3618ad

SHA1
5b53d11719a577f3a7e760a23d70717a5b0ef767

SHA256
47959b2520c1dae203b0c9d9bc1f79b2c05d30c842e8434d86c790bd90543494

SHA512
b443d4d11a736c868207286b833e37a78ec0dbf7b92913de62df10b1fdf8e23c0a20e4d0d87faa0be691eefbbe7699f9683486960205d0feccf9ba85f4934737

Download Submit
\Users\Admin\AppData\Local\Temp\5afcebb679247caaeeae4f1891e76952.exe

Filesize
611KB

MD5
395c36a6c1735f79b1e52ae09a4c0c62

SHA1
cbc59f7fbd653a08290076d15533601aee1b04f6

SHA256
75154c49ce632c93cb8d31c140ce72160e38951c30e67bf6182b182765dc0dfd

SHA512
9d3f9a6967f40df60ebb066f044b3fd892852d44ed4880096f80ac853cbad1fc2b329de74a4822c03fb2b48d15f44d16f4849f655137c3ac83fba310e4e79d56

Download Submit
memory/2056-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2056-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2056-15-0x0000000003510000-0x000000000397A000-memory.dmp

Filesize
4.4MB

Download
memory/2056-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2056-14-0x0000000000700000-0x0000000000861000-memory.dmp

Filesize
1.4MB

Download
memory/2056-1-0x0000000000260000-0x0000000000372000-memory.dmp

Filesize
1.1MB

Download
memory/2788-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2788-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2788-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2788-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download