7673c5f6768f9b4ddfac595a336c498473acfd669f79212f8a8a1b0b40c40ec8

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65d3313b58943b9e7c1071c0e0c786fb.exe
Size

2.9MB
MD5

65d3313b58943b9e7c1071c0e0c786fb
SHA1

4396985926450e7c8a048d4505e9cd8a705f1da8
SHA256

7673c5f6768f9b4ddfac595a336c498473acfd669f79212f8a8a1b0b40c40ec8
SHA512

793576375de8e1ac29bd7cbfbcc39b461272a81efe4881bbce411fcc150435ec41b0f2881c7bb0088a45a58b1d755dfe3aa4464ec45b3fac8eae2aa58f9db72d
SSDEEP

49152:v1x6MdL8lMOalTq9loeSPfDggkFypIegnBW1Ih6a7m2Ya2xn+95xy+xrKrdHWqPQ:v1x6MdLoMd+LwUFFypNIh6iRYzxn+cEP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1956	65d3313b58943b9e7c1071c0e0c786fb.exe

Executes dropped EXE 1 IoCs

pid	Process
1956	65d3313b58943b9e7c1071c0e0c786fb.exe

Loads dropped DLL 1 IoCs

pid	Process
2480	65d3313b58943b9e7c1071c0e0c786fb.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2480-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001225c-10.dat	upx
behavioral1/files/0x000b00000001225c-14.dat	upx
behavioral1/memory/2480-15-0x00000000036B0000-0x0000000003B9F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2480	65d3313b58943b9e7c1071c0e0c786fb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2480	65d3313b58943b9e7c1071c0e0c786fb.exe
1956	65d3313b58943b9e7c1071c0e0c786fb.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 1956	2480	65d3313b58943b9e7c1071c0e0c786fb.exe	28
PID 2480 wrote to memory of 1956	2480	65d3313b58943b9e7c1071c0e0c786fb.exe	28
PID 2480 wrote to memory of 1956	2480	65d3313b58943b9e7c1071c0e0c786fb.exe	28
PID 2480 wrote to memory of 1956	2480	65d3313b58943b9e7c1071c0e0c786fb.exe	28

C:\Users\Admin\AppData\Local\Temp\65d3313b58943b9e7c1071c0e0c786fb.exe
"C:\Users\Admin\AppData\Local\Temp\65d3313b58943b9e7c1071c0e0c786fb.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Users\Admin\AppData\Local\Temp\65d3313b58943b9e7c1071c0e0c786fb.exe
  C:\Users\Admin\AppData\Local\Temp\65d3313b58943b9e7c1071c0e0c786fb.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\65d3313b58943b9e7c1071c0e0c786fb.exe

Filesize
733KB

MD5
775f2dbbd2ef227e489ac2531e8458b3

SHA1
caf6393b3268f4bfb0a18051c2292eed9c1cee7d

SHA256
956673dc5ae311b950912548ef198d2f0258bc0a20303a52dcad5a20e286ef3d

SHA512
e556268e83b06ed1410e2cf628993a947de7aedfe5c3dfd5feb109792b8da8763668599de31362014315cb092cf5be3b2d498bace6f12bc5b07b92090405be47

Download Submit
\Users\Admin\AppData\Local\Temp\65d3313b58943b9e7c1071c0e0c786fb.exe

Filesize
750KB

MD5
e71d06e842c63738818f77baec5d1c03

SHA1
be3c6131e908ac28074242d84dfb98709a2c8696

SHA256
5c9048adcaed8ca2e09f4f5e0c7fc01bf8238f6d18d729cb8ffe74e8b6902d93

SHA512
715a9be332f8acc2b3ca291f01d984f118df5c8d18d738853cce78a2c78feef6923ba7560b28c617906f8ac7168f344d8ade73776d1fd9fb37b02248b4727c03

Download Submit
memory/1956-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1956-19-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/1956-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1956-25-0x00000000032D0000-0x00000000034FA000-memory.dmp

Filesize
2.2MB

Download
memory/1956-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1956-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2480-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2480-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2480-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2480-15-0x00000000036B0000-0x0000000003B9F000-memory.dmp

Filesize
4.9MB

Download
memory/2480-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download