59144e903d61a6af4490dc5aa2391139deb81107b920d942bbdbb90612ac298f

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66ad4f7b33f5aea6647d1cc0da27fd18.exe
Size

5.8MB
MD5

66ad4f7b33f5aea6647d1cc0da27fd18
SHA1

53acfb37bd63c74ec54ca0ceb3cab16fcd62f53b
SHA256

59144e903d61a6af4490dc5aa2391139deb81107b920d942bbdbb90612ac298f
SHA512

e66c38bb21988d964b43a9ae953e4bd4a2bcd01ba84d73339d998bd9a7c8a5cfdad2f82743d735c8595a93e1ea31ee1506a1ec0971cf840c3e7d248d3ea30dd3
SSDEEP

98304:IS7ce29HUFRXJJOugg3gnl/IVUs1jePs/dnsmKaoR76Ugg3gnl/IVUs1jePs:Nm9g5gl/iBiPsn1g7Zgl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2832	66ad4f7b33f5aea6647d1cc0da27fd18.exe

Executes dropped EXE 1 IoCs

pid	Process
2832	66ad4f7b33f5aea6647d1cc0da27fd18.exe

Loads dropped DLL 1 IoCs

pid	Process
2124	66ad4f7b33f5aea6647d1cc0da27fd18.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2124-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012243-10.dat	upx
behavioral1/files/0x000a000000012243-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2124	66ad4f7b33f5aea6647d1cc0da27fd18.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2124	66ad4f7b33f5aea6647d1cc0da27fd18.exe
2832	66ad4f7b33f5aea6647d1cc0da27fd18.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2832	2124	66ad4f7b33f5aea6647d1cc0da27fd18.exe	28
PID 2124 wrote to memory of 2832	2124	66ad4f7b33f5aea6647d1cc0da27fd18.exe	28
PID 2124 wrote to memory of 2832	2124	66ad4f7b33f5aea6647d1cc0da27fd18.exe	28
PID 2124 wrote to memory of 2832	2124	66ad4f7b33f5aea6647d1cc0da27fd18.exe	28

C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe
"C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe
  C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe

Filesize
326KB

MD5
1649f15be48c7c921909f57b285fa004

SHA1
f6787d86c80dae5e8a22c5ee9f3176919fb49288

SHA256
69ae29afd88cc0879c67edf1a94602385e2045f54c053594a0844ecb387219c3

SHA512
93f222bd3a28f8e6d23af4f272229a21cdba59ccba5394068f4402d769292591fdffa918e80328eedb40b444581671e7087194fb932ef8c967d451fb0a1bf7e9

Download Submit
\Users\Admin\AppData\Local\Temp\66ad4f7b33f5aea6647d1cc0da27fd18.exe

Filesize
205KB

MD5
e6a28d9c550d98096be5f301ffea9d3c

SHA1
c24ad59288d13d0d7878266eb8466684623efbbb

SHA256
63591aaf80a5ce05e32c41e4836a0e72bbc3c409cc52db42f28983ecb5e7dd3b

SHA512
f33725e7eb56c7bd85e484f0e5d80b894012331ff453f84b4f6aaeff3c7f08087ff256bef606d46b3badbf0a09ab69eebdec74ed957f815566f65c3804accdb2

Download Submit
memory/2124-15-0x0000000004090000-0x000000000457F000-memory.dmp

Filesize
4.9MB

Download
memory/2124-3-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2124-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2124-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2124-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2124-31-0x0000000004090000-0x000000000457F000-memory.dmp

Filesize
4.9MB

Download
memory/2832-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2832-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2832-19-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/2832-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2832-26-0x0000000003510000-0x000000000373A000-memory.dmp

Filesize
2.2MB

Download
memory/2832-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download