24996b988d90a229d9cb3288903db4d423c2dd8b7912ca9a93da481e4e9e37f9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70c483e4231998b7e53b4fa0bfc82341.exe
Size

4.8MB
MD5

70c483e4231998b7e53b4fa0bfc82341
SHA1

eaf7c9b4c5a844752d5c6fe60125460ceedd2f5a
SHA256

24996b988d90a229d9cb3288903db4d423c2dd8b7912ca9a93da481e4e9e37f9
SHA512

8841c34e1e7cf0aef8088ecb96103842e1af910737c8eedc3752111102d8b18921fd626226101279419a4ee275e565b6a0e2039f1c30eaf589cd66fc383a2aaa
SSDEEP

98304:NB3vFyMAmh78D3gg3gnl/IVUs1jig93V97iH0gViv/gg3gnl/IVUs1jr:/3dDY1gl/iBN9l99gVytgl/iBP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2644	70c483e4231998b7e53b4fa0bfc82341.exe

Executes dropped EXE 1 IoCs

pid	Process
2644	70c483e4231998b7e53b4fa0bfc82341.exe

Loads dropped DLL 1 IoCs

pid	Process
2996	70c483e4231998b7e53b4fa0bfc82341.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2996-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000000e610-10.dat	upx
behavioral1/files/0x000b00000000e610-12.dat	upx
behavioral1/files/0x000b00000000e610-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2996	70c483e4231998b7e53b4fa0bfc82341.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2996	70c483e4231998b7e53b4fa0bfc82341.exe
2644	70c483e4231998b7e53b4fa0bfc82341.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2644	2996	70c483e4231998b7e53b4fa0bfc82341.exe	28
PID 2996 wrote to memory of 2644	2996	70c483e4231998b7e53b4fa0bfc82341.exe	28
PID 2996 wrote to memory of 2644	2996	70c483e4231998b7e53b4fa0bfc82341.exe	28
PID 2996 wrote to memory of 2644	2996	70c483e4231998b7e53b4fa0bfc82341.exe	28

C:\Users\Admin\AppData\Local\Temp\70c483e4231998b7e53b4fa0bfc82341.exe
"C:\Users\Admin\AppData\Local\Temp\70c483e4231998b7e53b4fa0bfc82341.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Users\Admin\AppData\Local\Temp\70c483e4231998b7e53b4fa0bfc82341.exe
  C:\Users\Admin\AppData\Local\Temp\70c483e4231998b7e53b4fa0bfc82341.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\70c483e4231998b7e53b4fa0bfc82341.exe

Filesize
1.3MB

MD5
468b085b2fd71580377ab350772995d0

SHA1
248e3586d24dedf70f497c913137ea7e1c119990

SHA256
985e12f2b0f0ba550e8b3d725b2bc56178fd138393d5d39bed0b2d5ff299ba6d

SHA512
e043e74894585e45950ded901fd86e8af7d76bf4302114f478037684f0eb2a58bd4e60129ea609f723bff85ecedad7ae4a466b3d86018df5fc74f5e0d29cbdf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\70c483e4231998b7e53b4fa0bfc82341.exe

Filesize
1.5MB

MD5
33a82259e4dc7778ce6561863cb948b9

SHA1
a464bdb0fa2f94233cf0f76ae622f572e511d995

SHA256
490ddccace126dd8b052b9a0623b6701a6be3220cb7f12322bac4fac245339a5

SHA512
86243af82c8dda374c79d5b6dc514c2793bb039590d001752bb4d7e29cdfe4392ce8dfde1bd1c1dc0751f252d3c5048536b0bb364a45ca434052ac9cd7a592d4

Download Submit
\Users\Admin\AppData\Local\Temp\70c483e4231998b7e53b4fa0bfc82341.exe

Filesize
1.8MB

MD5
c0ee93429f771c15d13b41ecf0849308

SHA1
4f53e73ca11b50337c2bfcf6481ba1106f70ab93

SHA256
1bb58a9275b8a0dfb3106252a77d91851e93e5e9eb3ff67a298af288c5452731

SHA512
116f875a9ed9a270db8b333afca807934b669920be781b5871f6c67339613f57c4af2578024ace5ef84b00c87643e04bac6da431320e6d15cc9b7bed5092964b

Download Submit
memory/2644-18-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2644-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2644-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2644-24-0x00000000034F0000-0x000000000371A000-memory.dmp

Filesize
2.2MB

Download
memory/2644-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2644-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2996-3-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2996-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2996-14-0x0000000003BD0000-0x00000000040BF000-memory.dmp

Filesize
4.9MB

Download
memory/2996-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2996-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2996-31-0x0000000003BD0000-0x00000000040BF000-memory.dmp

Filesize
4.9MB

Download