95e140969133375f014fc17a0075628f5e5a24e11159f6260501334bfee2f3e7

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

742820f33f3b6de66f1e732138ce00d0.exe
Size

2.7MB
MD5

742820f33f3b6de66f1e732138ce00d0
SHA1

fa4ef2d54da09d56c269ef4eccf1e207effd9306
SHA256

95e140969133375f014fc17a0075628f5e5a24e11159f6260501334bfee2f3e7
SHA512

cd46b850139a8fb057610f170e00df8e580c67e3d4046e901aa001a74076b6257c9c9583d2b846986c1e95c6b3215cd0ab51df69c05b48096d061247ce9b3899
SSDEEP

49152:Zvt0+muWdb8IUFjQjTDDSHvv648r9fsHAJImSLMW:ZvQu0b8IUFsvSPv64i956mSLMW

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1948	742820f33f3b6de66f1e732138ce00d0.exe

Executes dropped EXE 1 IoCs

pid	Process
1948	742820f33f3b6de66f1e732138ce00d0.exe

Loads dropped DLL 1 IoCs

pid	Process
2076	742820f33f3b6de66f1e732138ce00d0.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2076-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000b0000000126e7-11.dat	upx
behavioral1/files/0x000b0000000126e7-14.dat	upx
behavioral1/files/0x000b0000000126e7-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2076	742820f33f3b6de66f1e732138ce00d0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2076	742820f33f3b6de66f1e732138ce00d0.exe
1948	742820f33f3b6de66f1e732138ce00d0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1948	2076	742820f33f3b6de66f1e732138ce00d0.exe	28
PID 2076 wrote to memory of 1948	2076	742820f33f3b6de66f1e732138ce00d0.exe	28
PID 2076 wrote to memory of 1948	2076	742820f33f3b6de66f1e732138ce00d0.exe	28
PID 2076 wrote to memory of 1948	2076	742820f33f3b6de66f1e732138ce00d0.exe	28

C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe
"C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe
  C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe

Filesize
514KB

MD5
9d3e9cc7d92d18d073c7cef8983e08b9

SHA1
23528878b38dfcdb9615485e6b4368958d3b3010

SHA256
f0160e5c23854c6640e5795bd573850a4357623870a6a92c044e046a53ab2283

SHA512
91c660f6d90361c6ad6d4c13c064fa6ca83952e14c1c4d34ea6f9d2e292369203296026e05112d84a24031863437a05221b858b82ed05c650847b4e1d963a34d

Download Submit
C:\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe

Filesize
704KB

MD5
a6c1cd86c9f7ec2a32b61e63fef6e27d

SHA1
a768e394b4a8516e9e7eea3e7c192632f4cda864

SHA256
9dfc7f5b15c88d885e0a02ada96b9b7c264c165ad63056a73fb2f818458bb74c

SHA512
52802c4c92cfae793f9b5f0642ebfeda0da957fb76df2ab52bccb00af88cbf155e51f1ff0014bd37a8681ebd1b22c8dc19a18f464e34bbbbd58470961b949762

Download Submit
\Users\Admin\AppData\Local\Temp\742820f33f3b6de66f1e732138ce00d0.exe

Filesize
671KB

MD5
6f30477f3ce24ddc5f7d03850526bd63

SHA1
ff6de97a38357ae80506113a7cd3a9747808bb70

SHA256
fcfbfc9d504e5047e4951604169b714f3822742dca6e57be0a17488807591532

SHA512
f8551e2d00cbe0ba856212c124ff0a9593bd26882528b3e43ac7ca111d36ff214682d86dcf988a7b5a2a145d84f2661771aa5c5bd3c7beb574bd8606d41e118b

Download Submit
memory/1948-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1948-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1948-20-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/1948-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2076-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2076-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2076-16-0x0000000003690000-0x0000000003AFA000-memory.dmp

Filesize
4.4MB

Download
memory/2076-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2076-1-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2076-26-0x0000000003690000-0x0000000003AFA000-memory.dmp

Filesize
4.4MB

Download