c2b31303ca9d553dc2227959c4e9ed9b0d13869935201dc7a2f00093abbe19d7

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75a70e93c4b39e1b656db561301c9e4c.exe
Size

1.3MB
MD5

75a70e93c4b39e1b656db561301c9e4c
SHA1

a029c8f1bc5d3878c7d3d62f11c5b1f387acf39b
SHA256

c2b31303ca9d553dc2227959c4e9ed9b0d13869935201dc7a2f00093abbe19d7
SHA512

56c2efbf412aec4556cdb192d3f042d202c737a7895d7a500414599c0686c69acf5ffe94b16e4caec1a22520a86e435da92acd2cb069740eb7197462702e6d18
SSDEEP

24576:I+Zoypl69vrxEVe9+be57aPfhJoz/jOuw3a1k0O8wvFD1VywkEFMWc:B6yQufKQPfhezRFkZ8sFehp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2988	75a70e93c4b39e1b656db561301c9e4c.exe

Executes dropped EXE 1 IoCs

pid	Process
2988	75a70e93c4b39e1b656db561301c9e4c.exe

Loads dropped DLL 1 IoCs

pid	Process
2024	75a70e93c4b39e1b656db561301c9e4c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2024-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000015cfa-14.dat	upx
behavioral1/memory/2988-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000015cfa-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2024	75a70e93c4b39e1b656db561301c9e4c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2024	75a70e93c4b39e1b656db561301c9e4c.exe
2988	75a70e93c4b39e1b656db561301c9e4c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2988	2024	75a70e93c4b39e1b656db561301c9e4c.exe	28
PID 2024 wrote to memory of 2988	2024	75a70e93c4b39e1b656db561301c9e4c.exe	28
PID 2024 wrote to memory of 2988	2024	75a70e93c4b39e1b656db561301c9e4c.exe	28
PID 2024 wrote to memory of 2988	2024	75a70e93c4b39e1b656db561301c9e4c.exe	28

C:\Users\Admin\AppData\Local\Temp\75a70e93c4b39e1b656db561301c9e4c.exe
"C:\Users\Admin\AppData\Local\Temp\75a70e93c4b39e1b656db561301c9e4c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\75a70e93c4b39e1b656db561301c9e4c.exe
  C:\Users\Admin\AppData\Local\Temp\75a70e93c4b39e1b656db561301c9e4c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\75a70e93c4b39e1b656db561301c9e4c.exe

Filesize
98KB

MD5
e997c19f13d25ed3fe25c93d75ea0926

SHA1
c9449eb659baebfa6e2a05d7e56cc29a424694ae

SHA256
e6df68f8743a3a5d9aab43346ae2ddf4fccc6d5ff1605857b41646406017b83b

SHA512
3a030fe1cfe8687083c227697f846115d1bd0ce2cf1ca93b69f2f2fa856a7af06ae940b593a5fbf44ca214e17b3516218c7eb6a8a71afe561765162633f187e2

Download Submit
\Users\Admin\AppData\Local\Temp\75a70e93c4b39e1b656db561301c9e4c.exe

Filesize
1.1MB

MD5
b6d2113667a748dac31830ae6d9efc7d

SHA1
65f19c25ece6a8fb302bb69f9e73a11d32da987d

SHA256
95fc7bf1b30e22012874f91236daa219401469ff276aad9cc717a6eaa3fd5fa9

SHA512
3f7ad598fadc2d444ba39ad0c9f09f39477cb05d3d95797f679fa9a357f2ec9a394902dad8d140cf97b01ff2a197222d13782e4785b112fcfb87ac0d1b112af4

Download Submit
memory/2024-15-0x00000000035D0000-0x0000000003ABF000-memory.dmp

Filesize
4.9MB

Download
memory/2024-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2024-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2024-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2024-2-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2024-31-0x00000000035D0000-0x0000000003ABF000-memory.dmp

Filesize
4.9MB

Download
memory/2988-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2988-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2988-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2988-24-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2988-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2988-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download