78a68671857959bbed516ee52702a4110cb5cb141c7870d8991e2f218e72bee6

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/01/2024, 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fe9665d90587254c13c4e19b276ccd6.exe
Size

2.7MB
MD5

6fe9665d90587254c13c4e19b276ccd6
SHA1

1184aca76d91cb1e5ce75397879b6f389907ddaa
SHA256

78a68671857959bbed516ee52702a4110cb5cb141c7870d8991e2f218e72bee6
SHA512

ff3d567f79124bc8205cb4dfb82e838b27644d07ac545769e6c72da730e99e5e11ad2170ed93643a27f0d172a0f402a3d5a19816e248a9bfffc9c17a21f6b726
SSDEEP

49152:2SIImL5wcMLbaP1OIzm+9pp/hkR9ktBc1+Q4YdxSChG38bDUggR9t:2um+Ra9OIHpdhkHktBcwQDM2YIDULHt

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2744	6fe9665d90587254c13c4e19b276ccd6.exe

Executes dropped EXE 1 IoCs

pid	Process
2744	6fe9665d90587254c13c4e19b276ccd6.exe

Loads dropped DLL 1 IoCs

pid	Process
2484	6fe9665d90587254c13c4e19b276ccd6.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2484-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x00050000000120fa-13.dat	upx
behavioral1/memory/2744-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x00050000000120fa-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2484	6fe9665d90587254c13c4e19b276ccd6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2484	6fe9665d90587254c13c4e19b276ccd6.exe
2744	6fe9665d90587254c13c4e19b276ccd6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2744	2484	6fe9665d90587254c13c4e19b276ccd6.exe	28
PID 2484 wrote to memory of 2744	2484	6fe9665d90587254c13c4e19b276ccd6.exe	28
PID 2484 wrote to memory of 2744	2484	6fe9665d90587254c13c4e19b276ccd6.exe	28
PID 2484 wrote to memory of 2744	2484	6fe9665d90587254c13c4e19b276ccd6.exe	28

C:\Users\Admin\AppData\Local\Temp\6fe9665d90587254c13c4e19b276ccd6.exe
"C:\Users\Admin\AppData\Local\Temp\6fe9665d90587254c13c4e19b276ccd6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\Temp\6fe9665d90587254c13c4e19b276ccd6.exe
  C:\Users\Admin\AppData\Local\Temp\6fe9665d90587254c13c4e19b276ccd6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6fe9665d90587254c13c4e19b276ccd6.exe

Filesize
1.1MB

MD5
a5686b7dfd7f7b1bc805c12697e4427c

SHA1
58ef68edd3ec477bba01b4c13cf8d8c04f2410d1

SHA256
31c9ba19d76423a024a8ced6e5c921f4803b0e1c1187aa23f038f7edf391652a

SHA512
a0c064504a6b9e376d4316f44dbd239a0d8325d8cc025a7102c99810fde3343bbe42ef6d821ff09c1a2f44f747b38c2143e702855ff3c382895994be3aa16adb

Download Submit
\Users\Admin\AppData\Local\Temp\6fe9665d90587254c13c4e19b276ccd6.exe

Filesize
1.3MB

MD5
d15eef3a61b51b3675893fa24ba6beec

SHA1
a0057c1eee61a93e3bbe59f02b8dbd1a35a46d64

SHA256
c2a43c1f2e7ec6cef815028a729c1ffb4f28270fffe367e497dda392d7a05e4c

SHA512
c467076f684bff05502508217d011e705bb287eabbc5193858279d49bead33c82114135f74ee0092862619993cafa28950788ca12b25e2ae1009e850f32cb6f0

Download Submit
memory/2484-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2484-1-0x0000000000280000-0x00000000003B1000-memory.dmp

Filesize
1.2MB

Download
memory/2484-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2484-15-0x0000000003860000-0x0000000003D47000-memory.dmp

Filesize
4.9MB

Download
memory/2484-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2484-31-0x0000000003860000-0x0000000003D47000-memory.dmp

Filesize
4.9MB

Download
memory/2744-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2744-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2744-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2744-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2744-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2744-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download