cc0aa58e9e6f25f0d0a3f7a4f6ec237f7d627dd20244f6b379908ac8ad85c74c

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 05:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

648f55eb3b697a2e2cda6d458e65ec38.exe
Size

2.9MB
MD5

648f55eb3b697a2e2cda6d458e65ec38
SHA1

57190c8424cf63ed73fa63d3b08ca2f70e1554ba
SHA256

cc0aa58e9e6f25f0d0a3f7a4f6ec237f7d627dd20244f6b379908ac8ad85c74c
SHA512

614254feb802e64ba8acb9bfd35033d8ff7c404f75ddfd2cc62f82b9788e450e9e756b3adfe13527fa7de9dc9c0bdc73a9e5694910e012327842c912a89cc0d5
SSDEEP

49152:yfOn4yCLqm2MDmCO2E5NwVfXalP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:z4pLql45W5yxQgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3016	648f55eb3b697a2e2cda6d458e65ec38.exe

Executes dropped EXE 1 IoCs

pid	Process
3016	648f55eb3b697a2e2cda6d458e65ec38.exe

Loads dropped DLL 1 IoCs

pid	Process
2340	648f55eb3b697a2e2cda6d458e65ec38.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2340-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001650c-13.dat	upx
behavioral1/files/0x000a00000001650c-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2340	648f55eb3b697a2e2cda6d458e65ec38.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2340	648f55eb3b697a2e2cda6d458e65ec38.exe
3016	648f55eb3b697a2e2cda6d458e65ec38.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 3016	2340	648f55eb3b697a2e2cda6d458e65ec38.exe	28
PID 2340 wrote to memory of 3016	2340	648f55eb3b697a2e2cda6d458e65ec38.exe	28
PID 2340 wrote to memory of 3016	2340	648f55eb3b697a2e2cda6d458e65ec38.exe	28
PID 2340 wrote to memory of 3016	2340	648f55eb3b697a2e2cda6d458e65ec38.exe	28

C:\Users\Admin\AppData\Local\Temp\648f55eb3b697a2e2cda6d458e65ec38.exe
"C:\Users\Admin\AppData\Local\Temp\648f55eb3b697a2e2cda6d458e65ec38.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\648f55eb3b697a2e2cda6d458e65ec38.exe
  C:\Users\Admin\AppData\Local\Temp\648f55eb3b697a2e2cda6d458e65ec38.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\648f55eb3b697a2e2cda6d458e65ec38.exe

Filesize
776KB

MD5
57f4f1d22e66ebf153124b7c7a3336b7

SHA1
eb96d75bc682360e92118067a99757c4d92d98bc

SHA256
49647c57d3067f0b504d1b7d37b0d209586efb0b38ea1284d597196a78071491

SHA512
567ffcc3f5f39da72e156f36247ffc4919e88ea3e031620e28af7f116d511b11aae73c526f46ffa6f4ae61239559d2f50d0428352b4a8b42bb36041afc51bb98

Download Submit
\Users\Admin\AppData\Local\Temp\648f55eb3b697a2e2cda6d458e65ec38.exe

Filesize
886KB

MD5
eb3147413028468be2de11ded84edacb

SHA1
1aaa991e80d8029e5247ba6dd2cf6c35af45ebe4

SHA256
b238e428b7acd3480f3fe1b52a69ee371b8a9ddb93b8acf0fab00f7a23c74339

SHA512
cd0d6c27fab33dd9d022ef8d30e031afbb24cb53e9da3f99943bef826bfdb2a8214d84d8a22712f39e91bd2c61a4e53c4cca103d9b4acce12498008a708b9c5d

Download Submit
memory/2340-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2340-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2340-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2340-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3016-16-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/3016-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3016-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3016-23-0x0000000003420000-0x000000000364A000-memory.dmp

Filesize
2.2MB

Download
memory/3016-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3016-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download