1a40f83a89c2279e246e8a9491b58f8e4d003ad91e84152840671b8b73515451

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

641162415d1e259200e0712455b2d70f.exe
Size

1.3MB
MD5

641162415d1e259200e0712455b2d70f
SHA1

311b7479c5dd579ff38bceed7f1f3c82cbeb8b47
SHA256

1a40f83a89c2279e246e8a9491b58f8e4d003ad91e84152840671b8b73515451
SHA512

b84e5e2978cdc83a63bdd079efc7e25260483444117a1c0fed2fb2f212e71d36993b83612043b097d6b2380d65d4f62ad4821643a213f20e297d9c38f46d3e7d
SSDEEP

24576:a1ivEd+KGeswKE18H99/JZyCopFIn3/hFLE7n6M/gt7Oz5nCGgvvG:UiEdewKQ8dxKJpa5FLQ6ltok

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2292	641162415d1e259200e0712455b2d70f.exe

Executes dropped EXE 1 IoCs

pid	Process
2292	641162415d1e259200e0712455b2d70f.exe

Loads dropped DLL 1 IoCs

pid	Process
2208	641162415d1e259200e0712455b2d70f.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2208-1-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0008000000012267-11.dat	upx
behavioral1/files/0x0008000000012267-13.dat	upx
behavioral1/files/0x0008000000012267-16.dat	upx
behavioral1/memory/2292-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2208	641162415d1e259200e0712455b2d70f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2208	641162415d1e259200e0712455b2d70f.exe
2292	641162415d1e259200e0712455b2d70f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2292	2208	641162415d1e259200e0712455b2d70f.exe	28
PID 2208 wrote to memory of 2292	2208	641162415d1e259200e0712455b2d70f.exe	28
PID 2208 wrote to memory of 2292	2208	641162415d1e259200e0712455b2d70f.exe	28
PID 2208 wrote to memory of 2292	2208	641162415d1e259200e0712455b2d70f.exe	28

C:\Users\Admin\AppData\Local\Temp\641162415d1e259200e0712455b2d70f.exe
"C:\Users\Admin\AppData\Local\Temp\641162415d1e259200e0712455b2d70f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\641162415d1e259200e0712455b2d70f.exe
  C:\Users\Admin\AppData\Local\Temp\641162415d1e259200e0712455b2d70f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\641162415d1e259200e0712455b2d70f.exe

Filesize
530KB

MD5
b64977bb82f14a932084cb91ef288205

SHA1
b727cf3187c2a55ebf41d5206c280feeae7ab43c

SHA256
2dea6f1d9305e20d152386807f1f2c52147385ff8f29685a12377d955059c188

SHA512
434e228e998ae8a31f33425f95c52410c9821e8b29c5ed6a1b2ef4931c04657359ee9a40cd1f8ce09e96425d65ca190bc799ccfd08738fc16db11935db8b67c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\641162415d1e259200e0712455b2d70f.exe

Filesize
564KB

MD5
74f1b83ae44fbfe23181402e08396ea3

SHA1
a23d4cbb39abf195076719d14704d3b88f2219a0

SHA256
9efd8f37c61ab5d81fb1b356379e7b8e72165a9f83b4b783b7733aca26d7c70e

SHA512
6d5962d94b9b2fd81df234753d644814888da98d5a1c7ca74412aa8e30876a043befe506cb34f436c6d26feb68caedfcb713dfb2e75b7945b1456274a35ff31f

Download Submit
\Users\Admin\AppData\Local\Temp\641162415d1e259200e0712455b2d70f.exe

Filesize
900KB

MD5
d9e0c36aa04550c94a7b48d29b11dd40

SHA1
d4631e0137cfeba250ddad31d3036306eeddd774

SHA256
e9ec6abf49ca007f3adefffe0a5d90763a80de9ae86d5a5da53647fb26e56160

SHA512
2bda2f112ce4c97c0ff50a5eadee35df1e2cc02bfffa6e4a45d35ad732a457011cb5f2db13ad8718f55fa91a3f1e5c693cfb5479b26534fe4f949ea65a910973

Download Submit
memory/2208-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2208-3-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2208-1-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2208-0-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2208-14-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2208-26-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2292-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2292-18-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2292-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2292-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download