bb5a89980d731b010bbf806fca4f3a4143f9c71967921dcb8fed802980c2877b

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 09:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

650964ca5109a05113cfb957b746c811.exe
Size

1.3MB
MD5

650964ca5109a05113cfb957b746c811
SHA1

26cdadfab49cbc61cafa19ca5147c5c7e71e4e65
SHA256

bb5a89980d731b010bbf806fca4f3a4143f9c71967921dcb8fed802980c2877b
SHA512

d0a4a476e5b1f672d77051f971e6f99c9905ba9ce2aa312ec7ec8c65eaa0fbf6d05ff53e246b0e0f423a13c6c68ddf1028a5cf59b36ff68d27c999a8c4ad6f93
SSDEEP

24576:NELIfkhAm4eXowjweJJQLTEA132h80nfcVyIf7mgfFBosRcKnkOyU9/9Us:NEoiAZewaJwAAanfcVyIyNKkOVR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1724	650964ca5109a05113cfb957b746c811.exe

Executes dropped EXE 1 IoCs

pid	Process
1724	650964ca5109a05113cfb957b746c811.exe

Loads dropped DLL 1 IoCs

pid	Process
2324	650964ca5109a05113cfb957b746c811.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2324-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012243-12.dat	upx
behavioral1/files/0x000a000000012243-13.dat	upx
behavioral1/memory/1724-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012243-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2324	650964ca5109a05113cfb957b746c811.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2324	650964ca5109a05113cfb957b746c811.exe
1724	650964ca5109a05113cfb957b746c811.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 1724	2324	650964ca5109a05113cfb957b746c811.exe	28
PID 2324 wrote to memory of 1724	2324	650964ca5109a05113cfb957b746c811.exe	28
PID 2324 wrote to memory of 1724	2324	650964ca5109a05113cfb957b746c811.exe	28
PID 2324 wrote to memory of 1724	2324	650964ca5109a05113cfb957b746c811.exe	28

C:\Users\Admin\AppData\Local\Temp\650964ca5109a05113cfb957b746c811.exe
"C:\Users\Admin\AppData\Local\Temp\650964ca5109a05113cfb957b746c811.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Users\Admin\AppData\Local\Temp\650964ca5109a05113cfb957b746c811.exe
  C:\Users\Admin\AppData\Local\Temp\650964ca5109a05113cfb957b746c811.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\650964ca5109a05113cfb957b746c811.exe

Filesize
222KB

MD5
2955267a6f54c2dce2977a965ccd0a5c

SHA1
77859534baade8b714687367d6f08618172df918

SHA256
2d070f0e4f21060131242dccd9de167f0475453a29fffdd6cbab23b73929803f

SHA512
de83884e171e61b904d3baaa1d36135a2ce8985e77e3cc7c8df5c83e5213273da68844268d9729ae958b362a421d68d632dfb9d64257d09f99991d9454e1ad7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\650964ca5109a05113cfb957b746c811.exe

Filesize
156KB

MD5
3ca9ed32ff9ac49e5f14a1a86f1b818e

SHA1
f0c1eff64f0c3a78adbc63ca2a9b1c81124d227d

SHA256
8aeaeb81bb33a21f25198fbb74d80f7021a9ee2c206f00deed3d07030186e058

SHA512
2bdf0c86dcc68d0fd9568820ff35bcf04efc226bab4f1bc00a60ab84f2ce6f9e106a74c6d7f1ba0024401cc3497d61aab51f4442af7b55afd8574d62df1b48b2

Download Submit
\Users\Admin\AppData\Local\Temp\650964ca5109a05113cfb957b746c811.exe

Filesize
141KB

MD5
7f01a0c8310e460028213e40c28fa574

SHA1
ec92a4f4e3655f4f98ab1a8367c816b80abb17e6

SHA256
f700b54540b143e06fb9b7e40b5695e53167fe41264d220507ee115fa1bc732b

SHA512
95d450f1907d3194bcf796f3de276591b92085765d37fb9373b4b474a762fb56c14981279ae1042c9d0936cba341c8310df738c598112c3506e90935e991c200

Download Submit
memory/1724-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1724-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1724-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1724-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1724-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/1724-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2324-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2324-15-0x00000000035D0000-0x0000000003AB7000-memory.dmp

Filesize
4.9MB

Download
memory/2324-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2324-2-0x0000000000290000-0x00000000003C1000-memory.dmp

Filesize
1.2MB

Download
memory/2324-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2324-31-0x00000000035D0000-0x0000000003AB7000-memory.dmp

Filesize
4.9MB

Download