413f428805a9c210f6c0e0b59236f6af2d50c69ab6602a6b3d05a9a2b0a83a78

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 06:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

863251c548f68b7b22bef6f4c912bb55.exe
Size

2.7MB
MD5

863251c548f68b7b22bef6f4c912bb55
SHA1

6324f32cc3c1a9956c7a04e721e318869ac5f591
SHA256

413f428805a9c210f6c0e0b59236f6af2d50c69ab6602a6b3d05a9a2b0a83a78
SHA512

d73e911185ab6d9f5fa9333537eeb320a59a56d096c8a1bb4445154ab48b98ae6f88a0a269902f1d53be33e1188bf1716e20f0eb1659c2c5c5a78c27e9727b1b
SSDEEP

49152:yPmWQ57+sqV+mYL4qlR364R9rZ2NH7bpNAZ6Iosr4MOUKQqumTwCR9j:UmWQ57+/V+mU4qPHHdmH7b269srXOUrk

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2284	863251c548f68b7b22bef6f4c912bb55.exe

Executes dropped EXE 1 IoCs

pid	Process
2284	863251c548f68b7b22bef6f4c912bb55.exe

Loads dropped DLL 1 IoCs

pid	Process
3020	863251c548f68b7b22bef6f4c912bb55.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3020-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b00000001224d-15.dat	upx
behavioral1/files/0x000b00000001224d-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3020	863251c548f68b7b22bef6f4c912bb55.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3020	863251c548f68b7b22bef6f4c912bb55.exe
2284	863251c548f68b7b22bef6f4c912bb55.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2284	3020	863251c548f68b7b22bef6f4c912bb55.exe	28
PID 3020 wrote to memory of 2284	3020	863251c548f68b7b22bef6f4c912bb55.exe	28
PID 3020 wrote to memory of 2284	3020	863251c548f68b7b22bef6f4c912bb55.exe	28
PID 3020 wrote to memory of 2284	3020	863251c548f68b7b22bef6f4c912bb55.exe	28

C:\Users\Admin\AppData\Local\Temp\863251c548f68b7b22bef6f4c912bb55.exe
"C:\Users\Admin\AppData\Local\Temp\863251c548f68b7b22bef6f4c912bb55.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Users\Admin\AppData\Local\Temp\863251c548f68b7b22bef6f4c912bb55.exe
  C:\Users\Admin\AppData\Local\Temp\863251c548f68b7b22bef6f4c912bb55.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\863251c548f68b7b22bef6f4c912bb55.exe

Filesize
65KB

MD5
23d016377a7c27a10c57bedd985ae273

SHA1
6a7c973a00c84c8bd970cf9279ff094e9bb123eb

SHA256
8beb5199597fd7c4b8939a872674fb4deda63e7e12165021d0b87f0ba3a70ea8

SHA512
e1595b160d58b73607b9421b266e069d65efa48e280a0a223c79ad12ccece5e9b98998894634a9e6c770cbded26ebf27ef6f8d83a28c816c2f552744b6d5d78e

Download Submit
\Users\Admin\AppData\Local\Temp\863251c548f68b7b22bef6f4c912bb55.exe

Filesize
215KB

MD5
a4d16d92b28e0cad03ab38e8aee92479

SHA1
714adfbe6b1898ac9b85408b55f29a5f38f88bc4

SHA256
af561652d745b7d22f018a8b40b829999ed842b92ba4a87f1ff24cae5ff4e847

SHA512
8402836fd469d433cde89cb701f618d253c5f61268f69106b8d252cc950465e38abb02432c4c57640db0d70c6024665db6fc4820627cc62b9010b8b24b55514a

Download Submit
memory/2284-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2284-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2284-26-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2284-18-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2284-20-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2284-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3020-14-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/3020-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3020-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3020-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3020-31-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/3020-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download