aad10a260638a7dad8df983e276988491e8fff10bdc69bf3c113d5aa51ab61ba

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 00:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

95be113d0da369ec6cd8626202eff531.exe
Size

1.3MB
MD5

95be113d0da369ec6cd8626202eff531
SHA1

044b6f397bf349bd3d50dd895eb265911e53d51d
SHA256

aad10a260638a7dad8df983e276988491e8fff10bdc69bf3c113d5aa51ab61ba
SHA512

da089143a1240b7d008d973041f7d71e6f53427aa7122c9b482d2b8da075b0578dcd6df8e99290b966b319dfbde078a2d940e9d5dad686e4d9314f0f1fb3af56
SSDEEP

24576:ded/ZSSjp8sSpwgjpAeQZYoweQ0LFy6HtGbLmb2YCxLzvG:d2hSS18/pZQZYoweQ0LFkLmbbCx

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2416	95be113d0da369ec6cd8626202eff531.exe

Executes dropped EXE 1 IoCs

pid	Process
2416	95be113d0da369ec6cd8626202eff531.exe

Loads dropped DLL 1 IoCs

pid	Process
2492	95be113d0da369ec6cd8626202eff531.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2492-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012261-11.dat	upx
behavioral1/files/0x000a000000012261-15.dat	upx
behavioral1/memory/2416-16-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2492-14-0x0000000003580000-0x00000000039EA000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2492	95be113d0da369ec6cd8626202eff531.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2492	95be113d0da369ec6cd8626202eff531.exe
2416	95be113d0da369ec6cd8626202eff531.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 2416	2492	95be113d0da369ec6cd8626202eff531.exe	28
PID 2492 wrote to memory of 2416	2492	95be113d0da369ec6cd8626202eff531.exe	28
PID 2492 wrote to memory of 2416	2492	95be113d0da369ec6cd8626202eff531.exe	28
PID 2492 wrote to memory of 2416	2492	95be113d0da369ec6cd8626202eff531.exe	28

C:\Users\Admin\AppData\Local\Temp\95be113d0da369ec6cd8626202eff531.exe
"C:\Users\Admin\AppData\Local\Temp\95be113d0da369ec6cd8626202eff531.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Users\Admin\AppData\Local\Temp\95be113d0da369ec6cd8626202eff531.exe
  C:\Users\Admin\AppData\Local\Temp\95be113d0da369ec6cd8626202eff531.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\95be113d0da369ec6cd8626202eff531.exe

Filesize
704KB

MD5
d9c36920c98c8533d9e207436cda7bf8

SHA1
8e9f8ee7c04ec77e631b900e9364472b5d443266

SHA256
1253cb5729a8269e2c8a2edcf67ebb5da5a52c6e32cca22295d3c8dc8fdfcf29

SHA512
6713d0efc9fd8133d9c715d347b7e26ed48344c1ad2165e7a2f1a78703456a896da274a7e623c1aa3b788c17d70f9dc6254d908ee92d13aaa6035dae40d17fb4

Download Submit
\Users\Admin\AppData\Local\Temp\95be113d0da369ec6cd8626202eff531.exe

Filesize
1.3MB

MD5
d68299c6d84c27e41cec8e2a4a3c133f

SHA1
9386074c4d79010a02ae3b114955b4eedf1d24e9

SHA256
c4c06b221fcb61894830fdec8d7a6f926e4c8ba8678e53075b0bc88b5a87c3cc

SHA512
9294b4c4e1bf5775e030b859ff89f838a6af6b14bad28335b5a00d06c0a184ca7e3efdfcb943547e6db4150a32de810f5419c0adb0674c37f07345b8722c01d8

Download Submit
memory/2416-16-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2416-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2416-18-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2416-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2492-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2492-1-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2492-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2492-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2492-14-0x0000000003580000-0x00000000039EA000-memory.dmp

Filesize
4.4MB

Download