5fc45f9d446cf5dd8dcc7553e5762acff61a6868a42e00c6a840f6d9dcccf727

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18-01-2024 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65676f55a7e69be09c3cfcf9431f2b4b.exe
Size

2.7MB
MD5

65676f55a7e69be09c3cfcf9431f2b4b
SHA1

1e0304627c272f6c36a40f0c78571c6120d3daba
SHA256

5fc45f9d446cf5dd8dcc7553e5762acff61a6868a42e00c6a840f6d9dcccf727
SHA512

eb5accffa74c4d446f7f11d174cc638c5118684b19484c08754f54e8bb163152178e8013b9ed5aea3cad73fffab148288af5f044ed3eb7760cd41be56b2f6696
SSDEEP

49152:8Mhi/PJhXmeSEqEZQIOvnbplhselm+ro2AAZ+4lRzws7qQvxTAemaQkjO8dCRf:8Mhi/PJhWTMVQnbpDlNfZzJws7qcxGkI

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2324	65676f55a7e69be09c3cfcf9431f2b4b.exe

Executes dropped EXE 1 IoCs

pid	Process
2324	65676f55a7e69be09c3cfcf9431f2b4b.exe

Loads dropped DLL 1 IoCs

pid	Process
3036	65676f55a7e69be09c3cfcf9431f2b4b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3036-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a0000000139b6-10.dat	upx
behavioral1/files/0x000a0000000139b6-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3036	65676f55a7e69be09c3cfcf9431f2b4b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3036	65676f55a7e69be09c3cfcf9431f2b4b.exe
2324	65676f55a7e69be09c3cfcf9431f2b4b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2324	3036	65676f55a7e69be09c3cfcf9431f2b4b.exe	28
PID 3036 wrote to memory of 2324	3036	65676f55a7e69be09c3cfcf9431f2b4b.exe	28
PID 3036 wrote to memory of 2324	3036	65676f55a7e69be09c3cfcf9431f2b4b.exe	28
PID 3036 wrote to memory of 2324	3036	65676f55a7e69be09c3cfcf9431f2b4b.exe	28

C:\Users\Admin\AppData\Local\Temp\65676f55a7e69be09c3cfcf9431f2b4b.exe
"C:\Users\Admin\AppData\Local\Temp\65676f55a7e69be09c3cfcf9431f2b4b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\65676f55a7e69be09c3cfcf9431f2b4b.exe
  C:\Users\Admin\AppData\Local\Temp\65676f55a7e69be09c3cfcf9431f2b4b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\65676f55a7e69be09c3cfcf9431f2b4b.exe

Filesize
158KB

MD5
e68002ce2c7b9da61247d93aafb91b8b

SHA1
a70b9ff1262558a5d1b8136921854de51c6b4a87

SHA256
632bf8121e759405850c709bea2ac74dd3334c3d3a3e9b3b26284a52f897a8b7

SHA512
daeb37d8c3ff5b3d9ae27c0e18fe2cb4bd41bd0ac311251fde72d96906a01ae5c5d22c680bb668e8eb3d00fafd69f59b0e1a8994f3613ea98c40c3563cc7b639

Download Submit
\Users\Admin\AppData\Local\Temp\65676f55a7e69be09c3cfcf9431f2b4b.exe

Filesize
160KB

MD5
4592817c778f2d72d0719771d3710de6

SHA1
e7ffbc49469330fb23fb91d4a50fb82733094aef

SHA256
ac742c44f984e9d83f262aec0e920ac4ca1c593803dbfacbfc366cc00a6d25d4

SHA512
ae5fe9b9e48701faae03265460c791d2fa51bd0201af50ac05fdfbda1c6446270b0ed56b2be0d52a7ed6d9e36277310986159a4f4af4c0f8fc45cbba2d28df5a

Download Submit
memory/2324-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2324-18-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2324-21-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2324-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2324-26-0x0000000003460000-0x000000000368A000-memory.dmp

Filesize
2.2MB

Download
memory/2324-33-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3036-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3036-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3036-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3036-14-0x0000000003880000-0x0000000003D6F000-memory.dmp

Filesize
4.9MB

Download
memory/3036-1-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/3036-32-0x0000000003880000-0x0000000003D6F000-memory.dmp

Filesize
4.9MB

Download