9afe07e7f1b4e43a7c24a4a2d43d1089bf215ae94c42482126f2b191dabe7d85

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65b975417ee07e91458bf8b25bebbc24.exe
Size

2.9MB
MD5

65b975417ee07e91458bf8b25bebbc24
SHA1

4b273f15a7d81f86ab3b077b5c43f1467522c658
SHA256

9afe07e7f1b4e43a7c24a4a2d43d1089bf215ae94c42482126f2b191dabe7d85
SHA512

3fa87bd9d1096e09610e5ff3c4e148a815a82e5219a2910e57d89685a1dbebb804ead4c87c28560c31b68ea5407bdd9ee7936397478138c2bee3b058618b9b87
SSDEEP

49152:b5HjycCx5HSy1quMZu3N74NH5HUyNRcUsCVOzetdZJ:pjzCx5vvMZu34HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2824	65b975417ee07e91458bf8b25bebbc24.exe

Executes dropped EXE 1 IoCs

pid	Process
2824	65b975417ee07e91458bf8b25bebbc24.exe

Loads dropped DLL 1 IoCs

pid	Process
2132	65b975417ee07e91458bf8b25bebbc24.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2132-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001225c-10.dat	upx
behavioral1/files/0x000b00000001225c-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2132	65b975417ee07e91458bf8b25bebbc24.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2132	65b975417ee07e91458bf8b25bebbc24.exe
2824	65b975417ee07e91458bf8b25bebbc24.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2824	2132	65b975417ee07e91458bf8b25bebbc24.exe	28
PID 2132 wrote to memory of 2824	2132	65b975417ee07e91458bf8b25bebbc24.exe	28
PID 2132 wrote to memory of 2824	2132	65b975417ee07e91458bf8b25bebbc24.exe	28
PID 2132 wrote to memory of 2824	2132	65b975417ee07e91458bf8b25bebbc24.exe	28

C:\Users\Admin\AppData\Local\Temp\65b975417ee07e91458bf8b25bebbc24.exe
"C:\Users\Admin\AppData\Local\Temp\65b975417ee07e91458bf8b25bebbc24.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\65b975417ee07e91458bf8b25bebbc24.exe
  C:\Users\Admin\AppData\Local\Temp\65b975417ee07e91458bf8b25bebbc24.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\65b975417ee07e91458bf8b25bebbc24.exe

Filesize
305KB

MD5
f1e92fae10d0d1913c364889ec1b812c

SHA1
96db6587b025a38356f4a3e891a3fc28eb60d605

SHA256
cb4a4edbeea2ec21f67721a67d5f78f1f423c3342b441e87c4c2813efa5fee61

SHA512
e398cc32ca88ebeba12b89d6a352a36f1f9c4ae6f8fa26fdce5c530c8296a5fe89f48bb1ac198a6cfdcaf0d1b21cdbd6e0c31d211941e719888a79449b4c16cc

Download Submit
\Users\Admin\AppData\Local\Temp\65b975417ee07e91458bf8b25bebbc24.exe

Filesize
494KB

MD5
a14a9da91bcab93038a84937c78543bd

SHA1
28a35cf0b7934b2feeb5166b249dd192aa9df0da

SHA256
324dc362db7483de5aed1b606151f8b901ca88cc09f94c655524e56b2caa44a4

SHA512
f45157b71d6e49ff9a833fd7b8d95a9147b90453d1f4d14938af32731383698cb09bf8c5b03d028c1b3334ae25fe96ddda76cf5620745d5f56a8b80b32bffd4b

Download Submit
memory/2132-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2132-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2132-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2132-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2132-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2824-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2824-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2824-19-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2824-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2824-24-0x0000000003690000-0x00000000038BA000-memory.dmp

Filesize
2.2MB

Download
memory/2824-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download