de2058855ca75f93be81dd6f8acddd29fa378500ce8bf7e6a90b52045082ee88

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

751bbb23bcf8ee61ae292ca47eeca991.exe
Size

5.3MB
MD5

751bbb23bcf8ee61ae292ca47eeca991
SHA1

24cba516d0d043d401e5dc94f08c771ab5cfbce5
SHA256

de2058855ca75f93be81dd6f8acddd29fa378500ce8bf7e6a90b52045082ee88
SHA512

2be4b4fc4e3790c3b797c5e50369f1c931fe2ef5dbedf8511c66c3d8d1e525101b3580b7afc1280e57c6f4012a7296dbdd7ae5a68448fe5ff48021166bb14fe6
SSDEEP

98304:4Z7KYK31oifL8cZXwHktBcwQDM2YIDULHweOWL8JuyTn3SJxnxJHktBcwQDM2YIO:4FKYK31oEL8cZgschDHIQtW4rzSPnLs5

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

751bbb23bcf8ee61ae292ca47eeca991.exe

pid process

1984 751bbb23bcf8ee61ae292ca47eeca991.exe
Executes dropped EXE 1 IoCs

Processes:

751bbb23bcf8ee61ae292ca47eeca991.exe

pid process

1984 751bbb23bcf8ee61ae292ca47eeca991.exe
Loads dropped DLL 1 IoCs

Processes:

751bbb23bcf8ee61ae292ca47eeca991.exe

pid process

1652 751bbb23bcf8ee61ae292ca47eeca991.exe

pid	process
1984	751bbb23bcf8ee61ae292ca47eeca991.exe

pid	process
1984	751bbb23bcf8ee61ae292ca47eeca991.exe

pid	process
1652	751bbb23bcf8ee61ae292ca47eeca991.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1652-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\751bbb23bcf8ee61ae292ca47eeca991.exe	upx
behavioral1/memory/1984-15-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\751bbb23bcf8ee61ae292ca47eeca991.exe	upx

Suspicious behavior: RenamesItself 1 IoCs

Processes:

751bbb23bcf8ee61ae292ca47eeca991.exe

pid process

1652 751bbb23bcf8ee61ae292ca47eeca991.exe
Suspicious use of UnmapMainImage 2 IoCs

Processes:

751bbb23bcf8ee61ae292ca47eeca991.exe751bbb23bcf8ee61ae292ca47eeca991.exe

pid process

1652 751bbb23bcf8ee61ae292ca47eeca991.exe
1984 751bbb23bcf8ee61ae292ca47eeca991.exe

pid	process
1652	751bbb23bcf8ee61ae292ca47eeca991.exe

pid	process
1652	751bbb23bcf8ee61ae292ca47eeca991.exe
1984	751bbb23bcf8ee61ae292ca47eeca991.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

751bbb23bcf8ee61ae292ca47eeca991.exe

description	pid	process	target process
PID 1652 wrote to memory of 1984	1652	751bbb23bcf8ee61ae292ca47eeca991.exe	751bbb23bcf8ee61ae292ca47eeca991.exe
PID 1652 wrote to memory of 1984	1652	751bbb23bcf8ee61ae292ca47eeca991.exe	751bbb23bcf8ee61ae292ca47eeca991.exe
PID 1652 wrote to memory of 1984	1652	751bbb23bcf8ee61ae292ca47eeca991.exe	751bbb23bcf8ee61ae292ca47eeca991.exe
PID 1652 wrote to memory of 1984	1652	751bbb23bcf8ee61ae292ca47eeca991.exe	751bbb23bcf8ee61ae292ca47eeca991.exe

C:\Users\Admin\AppData\Local\Temp\751bbb23bcf8ee61ae292ca47eeca991.exe
"C:\Users\Admin\AppData\Local\Temp\751bbb23bcf8ee61ae292ca47eeca991.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1652

C:\Users\Admin\AppData\Local\Temp\751bbb23bcf8ee61ae292ca47eeca991.exe
C:\Users\Admin\AppData\Local\Temp\751bbb23bcf8ee61ae292ca47eeca991.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\751bbb23bcf8ee61ae292ca47eeca991.exe
Filesize
1.3MB

MD5
33420c47f8e4515cca8a52220ba0fad6

SHA1
25d2538b895efdedd0c8b5b05f9ff1e00a136030

SHA256
99e3513ec2bc5c580144c61472175e5612ffa5827a9130f5480cff41f31de19a

SHA512
a318669e463184095fedae56057388c23bda690c953176d4533b1bcc1a6d31f62bac87ff4c500d183cd365e754de7a570305677b3fd3d9575f7ab3a4eeb90c7a

Download Submit
\Users\Admin\AppData\Local\Temp\751bbb23bcf8ee61ae292ca47eeca991.exe
Filesize
963KB

MD5
f722f1663f26db4d44dc0cffae38bb75

SHA1
6d1a4aeb71dc702f73c98d311a1891a36b423b17

SHA256
597f0a5cbe54896fe326dea974743a8807c8bc48cef2d9d2d870cef3c664e9d3

SHA512
9466284a6190f7bcb6694153a0b241fc190affd8c085d67f362e5d91313732a9611afb7f0afe1b90c68e2d5a936d20aa664fa8ce00056a2e89d94ed8fb17573a

Download Submit
memory/1652-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1652-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1652-4-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1652-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1984-15-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1984-17-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1984-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1984-22-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1984-23-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/1984-30-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download