a86a15efeb1d4a0e6397abcb8212bc46e57c65d1fc7ce354f09069914c3a03cc

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64b5a5e585d63ae518ffd1ec9c16df66.exe
Size

2.7MB
MD5

64b5a5e585d63ae518ffd1ec9c16df66
SHA1

dd6b3129a10e30afe89380631ea090547d02f1d3
SHA256

a86a15efeb1d4a0e6397abcb8212bc46e57c65d1fc7ce354f09069914c3a03cc
SHA512

c190aa3d59783782c2048c3cd6870b65be795c0d66e90e7ddd8e0da547b5f329da75640330c9d44b32f7245e6a83acb91dc4222e03bff3ecf29d85fb652ba7e8
SSDEEP

49152:ptiKzr3J318D0PNcW51oyzsTcM9BtN74NH5HUyNRcUsCVOzetdZk:tbYD0P+W519zcciBt4HBUCczzMO

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2668	64b5a5e585d63ae518ffd1ec9c16df66.exe

Executes dropped EXE 1 IoCs

pid	Process
2668	64b5a5e585d63ae518ffd1ec9c16df66.exe

Loads dropped DLL 1 IoCs

pid	Process
2620	64b5a5e585d63ae518ffd1ec9c16df66.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2620-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012246-10.dat	upx
behavioral1/memory/2668-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012246-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2620	64b5a5e585d63ae518ffd1ec9c16df66.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2620	64b5a5e585d63ae518ffd1ec9c16df66.exe
2668	64b5a5e585d63ae518ffd1ec9c16df66.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 2668	2620	64b5a5e585d63ae518ffd1ec9c16df66.exe	28
PID 2620 wrote to memory of 2668	2620	64b5a5e585d63ae518ffd1ec9c16df66.exe	28
PID 2620 wrote to memory of 2668	2620	64b5a5e585d63ae518ffd1ec9c16df66.exe	28
PID 2620 wrote to memory of 2668	2620	64b5a5e585d63ae518ffd1ec9c16df66.exe	28

C:\Users\Admin\AppData\Local\Temp\64b5a5e585d63ae518ffd1ec9c16df66.exe
"C:\Users\Admin\AppData\Local\Temp\64b5a5e585d63ae518ffd1ec9c16df66.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Users\Admin\AppData\Local\Temp\64b5a5e585d63ae518ffd1ec9c16df66.exe
  C:\Users\Admin\AppData\Local\Temp\64b5a5e585d63ae518ffd1ec9c16df66.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\64b5a5e585d63ae518ffd1ec9c16df66.exe

Filesize
1.9MB

MD5
453268e1c01e0fb685eb3599abeff3b2

SHA1
560688df5892ee43188d3d748973e486231b0ce2

SHA256
aab77e0d092e02f45611b876e25e03fdf6dfeab6d36ce9a768cc351a674519cf

SHA512
00eb85bf6f7e552ac17da00af011974d9d0d2bdc6b1304bfb9dd231782b80e916125289f062586b83be577fd593b633c73bc53e3dd0c81f6da3b4909af1ec82f

Download Submit
\Users\Admin\AppData\Local\Temp\64b5a5e585d63ae518ffd1ec9c16df66.exe

Filesize
1.1MB

MD5
52bdcd44f638a00d2103d5d3db86dfd0

SHA1
3f7a029460f0d08407b864c8915d981f3bb4a5c3

SHA256
8ed0f27afd266c435eb28cb9d18c810bd56ee7a2744d4afa64a781301746b87a

SHA512
2ca95921db0fffa51e312ead63a9bc9102d538a03f8f2619986ce9ebab8a54ceda36c96ee850379bccde176bc909240de3081122f8d38908658b8bea816b0d4e

Download Submit
memory/2620-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2620-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2620-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2620-13-0x00000000038A0000-0x0000000003D8F000-memory.dmp

Filesize
4.9MB

Download
memory/2620-1-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2620-31-0x00000000038A0000-0x0000000003D8F000-memory.dmp

Filesize
4.9MB

Download
memory/2668-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2668-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2668-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2668-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2668-24-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2668-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download