e741c9948e787545a1de1268d1835813215aa69a603709b1c857e2b981379b5a

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

689e19925254f332b99cc73ad05aae41.exe
Size

1.5MB
MD5

689e19925254f332b99cc73ad05aae41
SHA1

4b3ce4fcd3dc8494f397a329bdc1e2b11a6c8ebb
SHA256

e741c9948e787545a1de1268d1835813215aa69a603709b1c857e2b981379b5a
SHA512

73e07367d8f7b2e3367f3a22fad58c9daa3794e5f01f87d89d5f5076ae750a1ec32c0f34e2c5b45d0cbc323835d3ba62009e472a6710ace4fdab1282dbf9386f
SSDEEP

24576:TSHEii63fJ7VH0Sn8cDIFlBMVMKcI2Y/IKt5RuEJClrRAI5LAHMjBmkkW:2HEMffHkDZMVFaabaFAMAH5n

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2292	689e19925254f332b99cc73ad05aae41.exe

Executes dropped EXE 1 IoCs

pid	Process
2292	689e19925254f332b99cc73ad05aae41.exe

Loads dropped DLL 1 IoCs

pid	Process
2900	689e19925254f332b99cc73ad05aae41.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2900-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012243-13.dat	upx
behavioral1/memory/2900-15-0x0000000003510000-0x00000000039FF000-memory.dmp	upx
behavioral1/files/0x000a000000012243-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2900	689e19925254f332b99cc73ad05aae41.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2900	689e19925254f332b99cc73ad05aae41.exe
2292	689e19925254f332b99cc73ad05aae41.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2292	2900	689e19925254f332b99cc73ad05aae41.exe	28
PID 2900 wrote to memory of 2292	2900	689e19925254f332b99cc73ad05aae41.exe	28
PID 2900 wrote to memory of 2292	2900	689e19925254f332b99cc73ad05aae41.exe	28
PID 2900 wrote to memory of 2292	2900	689e19925254f332b99cc73ad05aae41.exe	28

C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe
"C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe
  C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe

Filesize
649KB

MD5
35f95b98c58ca2e30a7f884112ef2b5d

SHA1
8727ba49d42fb733800e46dd20772fd502189f7b

SHA256
5d070b8886bd79670dbde9ccd68c08690ca0aec45fc8a787d677b81280c518be

SHA512
00bbc57f406f0c610fbad0543e12b9f6ed2af73ebac2183ee96bddf873344de68cf59a0dda832013b2b1eab6d62a280d5cef93cb4b974a418ec1260efecefcdc

Download Submit
\Users\Admin\AppData\Local\Temp\689e19925254f332b99cc73ad05aae41.exe

Filesize
1.2MB

MD5
b4f3708522ef6dbed542a4bf05c63851

SHA1
efd5c35dbef03b8cdb944a34484600a367adcf6c

SHA256
5c8c70302fa617bd73de0f2154b9bd49fb3b57e108b9617f866713314d628b49

SHA512
f6d51dcc682db2e1d7824d504599f0c5146aedf066b6cb9ee14e9fd6ab1ff90659dbd122286ed3f4fb8375874adfc5e5948d40aacc094c6888addf2b9e77f3a7

Download Submit
memory/2292-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2292-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2292-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2292-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2292-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2292-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2900-4-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2900-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2900-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2900-15-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2900-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2900-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download