f492fa8dc36e8dee420dfa4ece692781aa682b6b8e2d9f97a1d8c2cf595d98bd

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75046772bbda9fea06dfa5022ab066e0.exe
Size

10.7MB
MD5

75046772bbda9fea06dfa5022ab066e0
SHA1

11830d82eab21df474007e07187b10a4b861cf2f
SHA256

f492fa8dc36e8dee420dfa4ece692781aa682b6b8e2d9f97a1d8c2cf595d98bd
SHA512

aa566365dcf5117f6c86b7be4fd3da5cc349ead93182a6ab111d6163c1106b913e6ee9bf884272fbfcce49b7d4af097849aba14349aa840707fe8f97df0f44b8
SSDEEP

196608:zJZArxqDkTv1B2gvkaAGVU81B2gvkaASKu5jF1B2gvkaAGVU81B2gvkaA:9ZMqYTvnRkonRkYFnRkonRk

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

75046772bbda9fea06dfa5022ab066e0.exe

pid process

2448 75046772bbda9fea06dfa5022ab066e0.exe
Executes dropped EXE 1 IoCs

Processes:

75046772bbda9fea06dfa5022ab066e0.exe

pid process

2448 75046772bbda9fea06dfa5022ab066e0.exe
Loads dropped DLL 1 IoCs

Processes:

75046772bbda9fea06dfa5022ab066e0.exe

pid process

2212 75046772bbda9fea06dfa5022ab066e0.exe

pid	process
2448	75046772bbda9fea06dfa5022ab066e0.exe

pid	process
2448	75046772bbda9fea06dfa5022ab066e0.exe

pid	process
2212	75046772bbda9fea06dfa5022ab066e0.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2212-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\75046772bbda9fea06dfa5022ab066e0.exe	upx
C:\Users\Admin\AppData\Local\Temp\75046772bbda9fea06dfa5022ab066e0.exe	upx
behavioral1/memory/2212-16-0x0000000004690000-0x0000000004AFA000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

Processes:

75046772bbda9fea06dfa5022ab066e0.exe

pid process

2212 75046772bbda9fea06dfa5022ab066e0.exe
Suspicious use of UnmapMainImage 2 IoCs

Processes:

75046772bbda9fea06dfa5022ab066e0.exe75046772bbda9fea06dfa5022ab066e0.exe

pid process

2212 75046772bbda9fea06dfa5022ab066e0.exe
2448 75046772bbda9fea06dfa5022ab066e0.exe

pid	process
2212	75046772bbda9fea06dfa5022ab066e0.exe

pid	process
2212	75046772bbda9fea06dfa5022ab066e0.exe
2448	75046772bbda9fea06dfa5022ab066e0.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

75046772bbda9fea06dfa5022ab066e0.exe

description	pid	process	target process
PID 2212 wrote to memory of 2448	2212	75046772bbda9fea06dfa5022ab066e0.exe	75046772bbda9fea06dfa5022ab066e0.exe
PID 2212 wrote to memory of 2448	2212	75046772bbda9fea06dfa5022ab066e0.exe	75046772bbda9fea06dfa5022ab066e0.exe
PID 2212 wrote to memory of 2448	2212	75046772bbda9fea06dfa5022ab066e0.exe	75046772bbda9fea06dfa5022ab066e0.exe
PID 2212 wrote to memory of 2448	2212	75046772bbda9fea06dfa5022ab066e0.exe	75046772bbda9fea06dfa5022ab066e0.exe

C:\Users\Admin\AppData\Local\Temp\75046772bbda9fea06dfa5022ab066e0.exe
"C:\Users\Admin\AppData\Local\Temp\75046772bbda9fea06dfa5022ab066e0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2212

C:\Users\Admin\AppData\Local\Temp\75046772bbda9fea06dfa5022ab066e0.exe
C:\Users\Admin\AppData\Local\Temp\75046772bbda9fea06dfa5022ab066e0.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\75046772bbda9fea06dfa5022ab066e0.exe
Filesize
264KB

MD5
d88e9f5abe02e9ac856f4838ebb173b0

SHA1
a87d9dd7420e387e8d02da271160cca6cc7ad477

SHA256
a9a730b6ec0595968e3deadc2901114e51c8e0b2ebe8ebe974673227cfdbb84b

SHA512
ed78750554c131b66b503f42f9ed66120cf8c73caf13d4f30ffcac13727decd5ba2b90297f975f7eed728f2d6e3095289c23469f9b992d9e3ef8bfeb36ff8017

Download Submit
\Users\Admin\AppData\Local\Temp\75046772bbda9fea06dfa5022ab066e0.exe
Filesize
773KB

MD5
ee9f0e182a0f1da2d6f4f9cce082e4e3

SHA1
cc1f4d296bec074b69e26b644ed0b1366064b608

SHA256
2dff79bb8f4f2607130818582d374225105e5a9e233a563a886152bd526e206e

SHA512
6992352c1d5be63b69d696ef6bbcff3f404063b8456dc8ac36b5d51c86326dbfb6700183d8cd332f04cd31ac5a55c58055a4bcc1fba397e621d1ab264d2d3107

Download Submit
memory/2212-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2212-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2212-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2212-16-0x0000000004690000-0x0000000004AFA000-memory.dmp

Filesize
4.4MB

Download
memory/2212-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2212-26-0x0000000004690000-0x0000000004AFA000-memory.dmp

Filesize
4.4MB

Download
memory/2448-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2448-19-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2448-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2448-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download