b3e5b9b872cd99e0509cf4cdfeae3569027236118a76a110246f7c1a90c294fe

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 09:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74483553ccdeb2ed641adcedf70ddc69.exe
Size

5.3MB
MD5

74483553ccdeb2ed641adcedf70ddc69
SHA1

12d5c24a373c113bca09c3220035da4b9651e3b1
SHA256

b3e5b9b872cd99e0509cf4cdfeae3569027236118a76a110246f7c1a90c294fe
SHA512

c26da1a14824d2833820dcd486bb5f82650d54ff07e692d28c1089c8ed1ad0f07a10aaf0a2be145218e84a0a1b52c5379a77b5b3b14eb9a411302b2fdf150bd4
SSDEEP

98304:s/LPJsj5/rI1H6P2dVIqNaS/DCHGnATOwlQH8xH6P2dVIqNaS/DCHj:yLmj5TcXFWmATdCH8xXFWD

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3036	74483553ccdeb2ed641adcedf70ddc69.exe

Executes dropped EXE 1 IoCs

pid	Process
3036	74483553ccdeb2ed641adcedf70ddc69.exe

Loads dropped DLL 1 IoCs

pid	Process
3020	74483553ccdeb2ed641adcedf70ddc69.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3020-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c000000012251-10.dat	upx
behavioral1/files/0x000c000000012251-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3020	74483553ccdeb2ed641adcedf70ddc69.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3020	74483553ccdeb2ed641adcedf70ddc69.exe
3036	74483553ccdeb2ed641adcedf70ddc69.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 3036	3020	74483553ccdeb2ed641adcedf70ddc69.exe	28
PID 3020 wrote to memory of 3036	3020	74483553ccdeb2ed641adcedf70ddc69.exe	28
PID 3020 wrote to memory of 3036	3020	74483553ccdeb2ed641adcedf70ddc69.exe	28
PID 3020 wrote to memory of 3036	3020	74483553ccdeb2ed641adcedf70ddc69.exe	28

C:\Users\Admin\AppData\Local\Temp\74483553ccdeb2ed641adcedf70ddc69.exe
"C:\Users\Admin\AppData\Local\Temp\74483553ccdeb2ed641adcedf70ddc69.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Users\Admin\AppData\Local\Temp\74483553ccdeb2ed641adcedf70ddc69.exe
  C:\Users\Admin\AppData\Local\Temp\74483553ccdeb2ed641adcedf70ddc69.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\74483553ccdeb2ed641adcedf70ddc69.exe

Filesize
226KB

MD5
8adfcd9ac8cd83e46f6c9305191fd32a

SHA1
e85da1197f99aff1a91df191ebe645be50c59441

SHA256
7236c23c3020098b0397d541b42fb0c8f9f94c09fdc684b366167cb3f0137b4f

SHA512
7a98cba8fdf0060be54d8ca9003357a4483d02a88ca5ca8b51e22ea00ee034d2a9f54b5c78db16734f1d0137c2da340e5aca185df1d690f729b3fd2435b1679d

Download Submit
\Users\Admin\AppData\Local\Temp\74483553ccdeb2ed641adcedf70ddc69.exe

Filesize
360KB

MD5
cbcf62e3011e8f733310122582c441d5

SHA1
52675902a0add56d4f32e617276cce68aec48c17

SHA256
4f46f23793e18c75a6ad7da8f8a9680b45444d298b27fbf0d997e1fcd5d1924c

SHA512
d446781f10677b535cb2cf234367b281e7248c7e09d511767c6dc74c5391d9d46b651d220116a3ccff680fae4708d9b4c5b9cf9d6f41ad00f2b63c912bb149fb

Download Submit
memory/3020-15-0x0000000003E30000-0x0000000004317000-memory.dmp

Filesize
4.9MB

Download
memory/3020-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3020-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/3020-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3020-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3020-31-0x0000000003E30000-0x0000000004317000-memory.dmp

Filesize
4.9MB

Download
memory/3036-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3036-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/3036-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3036-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3036-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/3036-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download