a56e6394c333d8dd7544a9c80d49d9118ab02e94e5c4fe65e87ca0ab2c2fa446

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

675d5e9e912facfe376de63532000904.exe
Size

2.7MB
MD5

675d5e9e912facfe376de63532000904
SHA1

c13933cf5da7352f767bb2d7b43827b33e91a355
SHA256

a56e6394c333d8dd7544a9c80d49d9118ab02e94e5c4fe65e87ca0ab2c2fa446
SHA512

2c0bf23cf5cb14af409c84cf01c2fc3bec29e97d2916e4eef6697d32b433069118f81c0c7719073fb0674803a42d9c5715aa04b2a8ce5efa2e3c861ddf18e44c
SSDEEP

49152:K/ElOhy4USLLvrhwKmsFFNbucn367ooR9twivmN5WgNszxVqwbIDE0eejXahlR9j:K8s44UKLdLPxn3uooHtwOgWgKuwbIHw1

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2212	675d5e9e912facfe376de63532000904.exe

Executes dropped EXE 1 IoCs

pid	Process
2212	675d5e9e912facfe376de63532000904.exe

Loads dropped DLL 1 IoCs

pid	Process
2508	675d5e9e912facfe376de63532000904.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2508-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0009000000012258-10.dat	upx
behavioral1/files/0x0009000000012258-13.dat	upx
behavioral1/memory/2508-15-0x0000000003750000-0x0000000003C37000-memory.dmp	upx
behavioral1/memory/2212-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2508	675d5e9e912facfe376de63532000904.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2508	675d5e9e912facfe376de63532000904.exe
2212	675d5e9e912facfe376de63532000904.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2212	2508	675d5e9e912facfe376de63532000904.exe	28
PID 2508 wrote to memory of 2212	2508	675d5e9e912facfe376de63532000904.exe	28
PID 2508 wrote to memory of 2212	2508	675d5e9e912facfe376de63532000904.exe	28
PID 2508 wrote to memory of 2212	2508	675d5e9e912facfe376de63532000904.exe	28

C:\Users\Admin\AppData\Local\Temp\675d5e9e912facfe376de63532000904.exe
"C:\Users\Admin\AppData\Local\Temp\675d5e9e912facfe376de63532000904.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Users\Admin\AppData\Local\Temp\675d5e9e912facfe376de63532000904.exe
  C:\Users\Admin\AppData\Local\Temp\675d5e9e912facfe376de63532000904.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\675d5e9e912facfe376de63532000904.exe

Filesize
264KB

MD5
2b4715a0220367c1730804d5355b3820

SHA1
72f63e6e909e6f40114577e5365ff87846ecbf9a

SHA256
6b6fd1b31dbd26145e0484c0aef0a8a7757e55e342747552cc456adcc40338fb

SHA512
55a3d64c152042e2706a4fb5d084d432e6e146e561ac612c0c39e1e9f53a68ba9afe5195453d2d836733862466956e299f874aa08c3e231de6d2a06281cc2903

Download Submit
\Users\Admin\AppData\Local\Temp\675d5e9e912facfe376de63532000904.exe

Filesize
599KB

MD5
eb874f4ec3c39a0ec7961fac22c352b7

SHA1
2b56916c0ec53116e6d0929b6b29d9b84c643e77

SHA256
143890e6fffb6ad766dfc81d10289f32499e748931657c2ec5322bec8ab109d3

SHA512
ebd2ba0a147667fc63ef9697fa15e3e13753b6d8834a006d08ee083fbb828379190c14d9e784b89d9c74543805d026ae3ffafcef0befe130b767e7ee1006857f

Download Submit
memory/2212-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2212-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2212-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2212-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2212-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2212-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2508-4-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2508-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2508-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2508-15-0x0000000003750000-0x0000000003C37000-memory.dmp

Filesize
4.9MB

Download
memory/2508-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2508-31-0x0000000003750000-0x0000000003C37000-memory.dmp

Filesize
4.9MB

Download