8f2f3ed067a3161b591922c96b89418cd445fe6442341268a5b331049b421444

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
17/01/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6353e14c6c985abda3c2070543f47f44.exe
Size

2.7MB
MD5

6353e14c6c985abda3c2070543f47f44
SHA1

96d936532038bde2f61eb1065e7f8a43f65dd549
SHA256

8f2f3ed067a3161b591922c96b89418cd445fe6442341268a5b331049b421444
SHA512

3ad3939cd08b42524d71b3944db16e4e5204b60123c54b050a4ff1636bcd765037304ae51ae4817fc9d62217015b83e4598b568943c507d27d5d5c3d1c680509
SSDEEP

49152:dQcz05YJONuS1d7Hp3wR941EveIbn/FqiiGPlmh/L7hR9j:+c8L8SP7JAH4C9bdqiiGPlmhL9Hj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2360	6353e14c6c985abda3c2070543f47f44.exe

Executes dropped EXE 1 IoCs

pid	Process
2360	6353e14c6c985abda3c2070543f47f44.exe

Loads dropped DLL 1 IoCs

pid	Process
3056	6353e14c6c985abda3c2070543f47f44.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3056-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012262-10.dat	upx
behavioral1/memory/3056-15-0x00000000038F0000-0x0000000003DD7000-memory.dmp	upx
behavioral1/files/0x000a000000012262-14.dat	upx
behavioral1/memory/2360-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3056	6353e14c6c985abda3c2070543f47f44.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3056	6353e14c6c985abda3c2070543f47f44.exe
2360	6353e14c6c985abda3c2070543f47f44.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2360	3056	6353e14c6c985abda3c2070543f47f44.exe	28
PID 3056 wrote to memory of 2360	3056	6353e14c6c985abda3c2070543f47f44.exe	28
PID 3056 wrote to memory of 2360	3056	6353e14c6c985abda3c2070543f47f44.exe	28
PID 3056 wrote to memory of 2360	3056	6353e14c6c985abda3c2070543f47f44.exe	28

C:\Users\Admin\AppData\Local\Temp\6353e14c6c985abda3c2070543f47f44.exe
"C:\Users\Admin\AppData\Local\Temp\6353e14c6c985abda3c2070543f47f44.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Users\Admin\AppData\Local\Temp\6353e14c6c985abda3c2070543f47f44.exe
  C:\Users\Admin\AppData\Local\Temp\6353e14c6c985abda3c2070543f47f44.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6353e14c6c985abda3c2070543f47f44.exe

Filesize
1.8MB

MD5
b59ac302ce94fc39d1fd0522fdfc0fdd

SHA1
0008c8a213f5ab2b474ac3850780996b9687a609

SHA256
d9004a544a52ada17b17d8656cc628b687ef62028b975eab20f2ac9ed817b0ee

SHA512
b6ddb50b27cf56e21385d1d14feeda2171b994420c183c7d862c59cc673d41f3c1485f1930018a067a7a598a245b13c3790e8f082528dcb9869f194faa23e06b

Download Submit
\Users\Admin\AppData\Local\Temp\6353e14c6c985abda3c2070543f47f44.exe

Filesize
1.9MB

MD5
1711ff96598e1049b7639c3c22ba86fb

SHA1
2263d9ca18ffc75611a6b9f553c0b85520ba29a6

SHA256
329f3c5d75c58055f0e416ef35953cc5413449a25b4440f9bc70b1c4f859d4f3

SHA512
261cdbabad29a902895f5a6f21d00ce78f968beafce14884bdd1b7a82d4f2a3a92624d9757a85889b190605dbebb2cf3b41ad4c6ae96bd32d161bc2a37d7b400

Download Submit
memory/2360-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2360-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2360-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2360-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2360-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2360-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3056-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/3056-15-0x00000000038F0000-0x0000000003DD7000-memory.dmp

Filesize
4.9MB

Download
memory/3056-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3056-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3056-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3056-31-0x00000000038F0000-0x0000000003DD7000-memory.dmp

Filesize
4.9MB

Download