0b0f4872cea385e033d16bb4662afc78ddc4b562a7f2dd1af735af200d0ec2fa

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 17:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

659f99f6b0b8b040af44745600879845.exe
Size

11.7MB
MD5

659f99f6b0b8b040af44745600879845
SHA1

6a45183831f190d00e16285868761f23d268d997
SHA256

0b0f4872cea385e033d16bb4662afc78ddc4b562a7f2dd1af735af200d0ec2fa
SHA512

20ea10d6fe7134f5d52df354c84e15a9f3b1165b03612b9760953a9d5ff95dc727989cac6c6fd82dc40e35456fc45eb9e795517cd06b8f23e9b9790aaf5a74ec
SSDEEP

196608:ls2LVo+lIXXsBl31YQvGeq+xTXsBl31YeEhAiXsBl31YQvGeq+xTXsBl31Y:umBlIXc3hvvzxTc30hAic3hvvzxTc3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2388	659f99f6b0b8b040af44745600879845.exe

Executes dropped EXE 1 IoCs

pid	Process
2388	659f99f6b0b8b040af44745600879845.exe

Loads dropped DLL 1 IoCs

pid	Process
2500	659f99f6b0b8b040af44745600879845.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2500-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2388-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012321-15.dat	upx
behavioral1/files/0x000c000000012321-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2500	659f99f6b0b8b040af44745600879845.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2500	659f99f6b0b8b040af44745600879845.exe
2388	659f99f6b0b8b040af44745600879845.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2500 wrote to memory of 2388	2500	659f99f6b0b8b040af44745600879845.exe	28
PID 2500 wrote to memory of 2388	2500	659f99f6b0b8b040af44745600879845.exe	28
PID 2500 wrote to memory of 2388	2500	659f99f6b0b8b040af44745600879845.exe	28
PID 2500 wrote to memory of 2388	2500	659f99f6b0b8b040af44745600879845.exe	28

C:\Users\Admin\AppData\Local\Temp\659f99f6b0b8b040af44745600879845.exe
"C:\Users\Admin\AppData\Local\Temp\659f99f6b0b8b040af44745600879845.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2500
- C:\Users\Admin\AppData\Local\Temp\659f99f6b0b8b040af44745600879845.exe
  C:\Users\Admin\AppData\Local\Temp\659f99f6b0b8b040af44745600879845.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\659f99f6b0b8b040af44745600879845.exe

Filesize
34KB

MD5
ea003c1db7c3d7537d8817d66860cad5

SHA1
448eb30eb6048c21e526e0d6fe8df3d7559855b3

SHA256
a9e5362f566d268042020067ca88f05907bce62c1508d1beb34180d91a1dc31e

SHA512
f2740599b3fa3eba811397855fbc4e56004a208f551b9043372210ab8db7291356b6853f1d8753113f9fbe11489d1510185f8b7937c708f2f5c1b315632b4952

Download Submit
\Users\Admin\AppData\Local\Temp\659f99f6b0b8b040af44745600879845.exe

Filesize
1019KB

MD5
f3d05edef4c16ff6ff52fce350b70f95

SHA1
0551164eaa56c5fb2560f1c523c31b41d94293c2

SHA256
382074bf149eb78a59b8640e8574b392c7516c40e1fa532928ed9497ccded7f7

SHA512
5064083fdfc0a9847df24cab4c9275adcd7eb337561ed39bf97ba61d5d5c450551cf795a55d233a92efe3520958e560940eedcf9aa99a7908cbf874fc228450b

Download Submit
memory/2388-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2388-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2388-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2388-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2388-26-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2388-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2500-14-0x0000000004B00000-0x0000000004FEF000-memory.dmp

Filesize
4.9MB

Download
memory/2500-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2500-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2500-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2500-31-0x0000000004B00000-0x0000000004FEF000-memory.dmp

Filesize
4.9MB

Download
memory/2500-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download