88bca1df064f334db6653c4c7c045bae00947cd6286aacab10417cfb8e4dae12

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/01/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fade2bc1082210a9eaef5d79ba01ad0.exe
Size

2.9MB
MD5

6fade2bc1082210a9eaef5d79ba01ad0
SHA1

86d6239e940dfc864daeee1099af64183af8753b
SHA256

88bca1df064f334db6653c4c7c045bae00947cd6286aacab10417cfb8e4dae12
SHA512

4ee2f71b868f16cd56393d3c039e99a7b76fe329d8f4ea155d718e8b6d63d35d608417d73be75056c35f16fec7ed4e1530b6ec1335faa8b6301f0f17d9fd652d
SSDEEP

49152:tPBA19QTHyM9hcWhR7KUKVSuN74NH5HUyNRcUsCVOzetdZJ:xcO8WTuPEu4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3040	6fade2bc1082210a9eaef5d79ba01ad0.exe

Executes dropped EXE 1 IoCs

pid	Process
3040	6fade2bc1082210a9eaef5d79ba01ad0.exe

Loads dropped DLL 1 IoCs

pid	Process
1916	6fade2bc1082210a9eaef5d79ba01ad0.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1916-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0007000000012281-10.dat	upx
behavioral1/memory/3040-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0007000000012281-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1916	6fade2bc1082210a9eaef5d79ba01ad0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1916	6fade2bc1082210a9eaef5d79ba01ad0.exe
3040	6fade2bc1082210a9eaef5d79ba01ad0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 3040	1916	6fade2bc1082210a9eaef5d79ba01ad0.exe	28
PID 1916 wrote to memory of 3040	1916	6fade2bc1082210a9eaef5d79ba01ad0.exe	28
PID 1916 wrote to memory of 3040	1916	6fade2bc1082210a9eaef5d79ba01ad0.exe	28
PID 1916 wrote to memory of 3040	1916	6fade2bc1082210a9eaef5d79ba01ad0.exe	28

C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe
"C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe
  C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe

Filesize
1.6MB

MD5
ab0e3c3145aea72328d22ac679b81a47

SHA1
a06dd38188cddd21199f4c8550fa9908f1badd99

SHA256
998b46599b95602551d2b9ba21172d65465d77ea9bbc67fc572e136700246533

SHA512
3e352cc10946e34b3c77dec647bf98ec8d5466381ee7e94dd8bea0878596d3b70bd47707ac5fd624564996e02203918b468dcfd29af524101d64be2131c6583c

Download Submit
\Users\Admin\AppData\Local\Temp\6fade2bc1082210a9eaef5d79ba01ad0.exe

Filesize
1.8MB

MD5
68381504f5b3b56344691b797b912afe

SHA1
69222063f7e38b939fc837bac94c19fa3e0a1a3d

SHA256
8a7f497ff8bf17bbc3461f35a8da1b73271075b3e2626caa30ae6d519c2cdba8

SHA512
788ffcc824af08048f20775a33187595ff6645ac5c623aa6200ec868014b2ac5909aae52465caec931b37907127f6b9dbcc1fae4c02bc0f281cb3bfcf4169fa7

Download Submit
memory/1916-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/1916-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1916-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1916-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1916-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1916-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/3040-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3040-18-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/3040-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3040-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3040-25-0x0000000003500000-0x000000000372A000-memory.dmp

Filesize
2.2MB

Download
memory/3040-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download