86fe5525454ebabf6fd3c8510268c7ccd07c466d22dc5b0a8c45436f02a65cbe

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

751466fc245a3eadaa224a87b6049524.exe
Size

1.3MB
MD5

751466fc245a3eadaa224a87b6049524
SHA1

bb68981df4b05a4377f3f95062905a9397effff9
SHA256

86fe5525454ebabf6fd3c8510268c7ccd07c466d22dc5b0a8c45436f02a65cbe
SHA512

7121ef1992ac4227e1c09a65e154a61df5a9e69e33a02a2a4b850629e809abdab3f97a9c8fcd13cf66706fc7d17d291fbd2a9ad8427c481acc424e4bb35cd9ea
SSDEEP

24576:6XhkaxjVFgpezYBxpBhhw9swR5/AjJM7c/iky4/mrg0EROPFXL2IXjaTRyUW7Wc:6Xhk6Fgp4YTpFwKDJM7c/M4qgZ8F7HOu

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2672	751466fc245a3eadaa224a87b6049524.exe

Executes dropped EXE 1 IoCs

pid	Process
2672	751466fc245a3eadaa224a87b6049524.exe

Loads dropped DLL 1 IoCs

pid	Process
308	751466fc245a3eadaa224a87b6049524.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/308-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001223b-10.dat	upx
behavioral1/files/0x000a00000001223b-14.dat	upx
behavioral1/memory/2672-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/308-13-0x00000000035A0000-0x0000000003A8F000-memory.dmp	upx
behavioral1/files/0x000a00000001223b-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
308	751466fc245a3eadaa224a87b6049524.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
308	751466fc245a3eadaa224a87b6049524.exe
2672	751466fc245a3eadaa224a87b6049524.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 308 wrote to memory of 2672	308	751466fc245a3eadaa224a87b6049524.exe	28
PID 308 wrote to memory of 2672	308	751466fc245a3eadaa224a87b6049524.exe	28
PID 308 wrote to memory of 2672	308	751466fc245a3eadaa224a87b6049524.exe	28
PID 308 wrote to memory of 2672	308	751466fc245a3eadaa224a87b6049524.exe	28

C:\Users\Admin\AppData\Local\Temp\751466fc245a3eadaa224a87b6049524.exe
"C:\Users\Admin\AppData\Local\Temp\751466fc245a3eadaa224a87b6049524.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:308
- C:\Users\Admin\AppData\Local\Temp\751466fc245a3eadaa224a87b6049524.exe
  C:\Users\Admin\AppData\Local\Temp\751466fc245a3eadaa224a87b6049524.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\751466fc245a3eadaa224a87b6049524.exe

Filesize
726KB

MD5
72d25a245799732921e7a4da0fb93fe1

SHA1
52a58cf58bb17534dfab587965f9b7c3194c77a1

SHA256
ffda8c475105cb11aaa88c1db0b01f3f463894762b528a2e1c2c73fca19fa8d4

SHA512
ac53288489e1c34b8cfe992371e625d14f6c9bb61e7243ccb8155da03c9cd68f522dc8b4e741ca93f4ffd1698ff0563c7a1e1eccfa61a8e2a7cba07eb1cc9b52

Download Submit
C:\Users\Admin\AppData\Local\Temp\751466fc245a3eadaa224a87b6049524.exe

Filesize
436KB

MD5
049e479717ec5ec94d8e1109bac1182c

SHA1
db3cd806eb3efc7f7cecefcfc158920fd3b2aba0

SHA256
b542c4a69b96929ecd5db59f1c2a8a7abddbfafc23a0e7618db11aca8b38ed49

SHA512
131a9f9feb79e63302f49d82fd903cb51446777064efbb093d7cc00495f9f9bc22dcc63fc5118256a7b3d6e4d73b271155a25adf6af73c504fc7ec9db86f2375

Download Submit
\Users\Admin\AppData\Local\Temp\751466fc245a3eadaa224a87b6049524.exe

Filesize
1016KB

MD5
78b51fec92b66118a5b7c923c57d14a1

SHA1
539988cda6a062ea973807fa7f8c93dab5055472

SHA256
a8d3bef9d391ceea8fc411ca0c951e953bf418c22d2c473d8e2d28218a514eb2

SHA512
75dd142a376337de96332c1dcd78923f696d57ef113c6fcbe52ed8a46c56040db1319c948ff9a7c7bed65556e304df5e18be0fcad0fb0cead6ad3dba5b9b7ca0

Download Submit
memory/308-13-0x00000000035A0000-0x0000000003A8F000-memory.dmp

Filesize
4.9MB

Download
memory/308-2-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/308-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/308-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/308-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2672-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2672-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2672-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2672-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2672-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2672-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download