2f8440e8defce0fe8882302f52e67c5b99d6303a384bb7b18d122e20a4762ff6

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 08:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

71b33c02cb47b290008cc3495518e49e.exe
Size

2.9MB
MD5

71b33c02cb47b290008cc3495518e49e
SHA1

245d189f6fb62b8fdee239f3cedc337fdb135e2e
SHA256

2f8440e8defce0fe8882302f52e67c5b99d6303a384bb7b18d122e20a4762ff6
SHA512

1e0e18e8c438c81fdd87bcc440c30d7f072fd159cf06de57b5888b499c7da617b507bee51477f0b82b6ecb3506f04b3656f3a42fd2cae92c7913fcc574d21870
SSDEEP

49152:83e7Y480GU/KIQSYjX5ntsytlbiUN74NH5HUyNRcUsCVOzetdZJ:8A7GsKIQ11tsynbiU4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2172	71b33c02cb47b290008cc3495518e49e.exe

Executes dropped EXE 1 IoCs

pid	Process
2172	71b33c02cb47b290008cc3495518e49e.exe

Loads dropped DLL 1 IoCs

pid	Process
2436	71b33c02cb47b290008cc3495518e49e.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2436-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012247-10.dat	upx
behavioral1/files/0x0009000000012247-13.dat	upx
behavioral1/files/0x0009000000012247-12.dat	upx
behavioral1/memory/2172-15-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2436	71b33c02cb47b290008cc3495518e49e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2436	71b33c02cb47b290008cc3495518e49e.exe
2172	71b33c02cb47b290008cc3495518e49e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2172	2436	71b33c02cb47b290008cc3495518e49e.exe	28
PID 2436 wrote to memory of 2172	2436	71b33c02cb47b290008cc3495518e49e.exe	28
PID 2436 wrote to memory of 2172	2436	71b33c02cb47b290008cc3495518e49e.exe	28
PID 2436 wrote to memory of 2172	2436	71b33c02cb47b290008cc3495518e49e.exe	28

C:\Users\Admin\AppData\Local\Temp\71b33c02cb47b290008cc3495518e49e.exe
"C:\Users\Admin\AppData\Local\Temp\71b33c02cb47b290008cc3495518e49e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Users\Admin\AppData\Local\Temp\71b33c02cb47b290008cc3495518e49e.exe
  C:\Users\Admin\AppData\Local\Temp\71b33c02cb47b290008cc3495518e49e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\71b33c02cb47b290008cc3495518e49e.exe

Filesize
618KB

MD5
eaaff08fd2f50cbe60dd52bb793f8f44

SHA1
0e1ecb7330d6dc8ecabba39547c7a24baaca5765

SHA256
7e7928296a2f3fea1bf7fe28b86d5e2f8f57c7599d1a3590114bb3d06edc17fc

SHA512
a34650ee98fe6af4f09487da9dac4fb2f26e4cd9f8a89d2a62022d32586376e5e896e73fd73a3b7260912ae54e1aecf03a3af091987abbd002c41eb983cf4a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\71b33c02cb47b290008cc3495518e49e.exe

Filesize
376KB

MD5
c683ead7032f78e0701aa9547d6eaaeb

SHA1
9760ede3e2a0dbe15fb598ba6847febb86dd0d14

SHA256
a053e7518e10f682f57548ca43e1e730a778ac6ae4c6758f2d6a40c322d2b24f

SHA512
9f28619d585f344159685ab87fdf6852f856bb7e02334af75c0885dff3e0d616da2d1947854e3adfa20f5941c64f0d790530d4741578ae10152ba271b8dabe58

Download Submit
\Users\Admin\AppData\Local\Temp\71b33c02cb47b290008cc3495518e49e.exe

Filesize
683KB

MD5
8e230b3b84596400b77b37bd3995d04b

SHA1
4ba774db3403dec07b882a1a7192b4cf1ee5c705

SHA256
1f870eb556c61d6dfff37465b0be72d9ee4327a811566f15bc66606ce6383f91

SHA512
c1a57ebf6a5dc411a269fb2012efb538e099bc0263435944ddd73dbeef5285dc3b180e418d3136bdd3af7ab7817f8c534d7a42b6e6c7b373ddd6a4581c8fdabd

Download Submit
memory/2172-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2172-16-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2172-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2172-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2172-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2172-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2436-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2436-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2436-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2436-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download