df47f7dccc70148ef26fd38ca63416d91e1a2c4f69328e3014bd968b4d0c36e0

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

968a31d090f2115347010cf46cc580e0.exe
Size

2.7MB
MD5

968a31d090f2115347010cf46cc580e0
SHA1

a06e99dd4fa7801d03d4b4f7294a7e45b9a4040b
SHA256

df47f7dccc70148ef26fd38ca63416d91e1a2c4f69328e3014bd968b4d0c36e0
SHA512

b06a5ff107bd1b9f8effd71688062190136e49198bcacbf62f4ca65ae4a1ee7c77dad8e344ebabd26e0ce573ddbe4a328f3d67263a28944f2cd582a198278aa8
SSDEEP

49152:IqIgPqiwN/BCzLs0aKNWX8V/XjqoSHvv648r9fsHAJImSLMW:0iwNZcaFKPOoSPv64i956mSLMW

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2652	968a31d090f2115347010cf46cc580e0.exe

Executes dropped EXE 1 IoCs

pid	Process
2652	968a31d090f2115347010cf46cc580e0.exe

Loads dropped DLL 1 IoCs

pid	Process
1204	968a31d090f2115347010cf46cc580e0.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1204-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0009000000012257-16.dat	upx
behavioral1/memory/2652-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/1204-15-0x0000000003800000-0x0000000003C6A000-memory.dmp	upx
behavioral1/files/0x0009000000012257-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1204	968a31d090f2115347010cf46cc580e0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1204	968a31d090f2115347010cf46cc580e0.exe
2652	968a31d090f2115347010cf46cc580e0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 2652	1204	968a31d090f2115347010cf46cc580e0.exe	28
PID 1204 wrote to memory of 2652	1204	968a31d090f2115347010cf46cc580e0.exe	28
PID 1204 wrote to memory of 2652	1204	968a31d090f2115347010cf46cc580e0.exe	28
PID 1204 wrote to memory of 2652	1204	968a31d090f2115347010cf46cc580e0.exe	28

C:\Users\Admin\AppData\Local\Temp\968a31d090f2115347010cf46cc580e0.exe
"C:\Users\Admin\AppData\Local\Temp\968a31d090f2115347010cf46cc580e0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Users\Admin\AppData\Local\Temp\968a31d090f2115347010cf46cc580e0.exe
  C:\Users\Admin\AppData\Local\Temp\968a31d090f2115347010cf46cc580e0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\968a31d090f2115347010cf46cc580e0.exe

Filesize
1.2MB

MD5
fac7e3dcacb55404e1305e2a406e7c83

SHA1
1ea7ff7acc3edde67282c04324085cc5d0b12683

SHA256
7d29debf3bfb9e5801721649e996573f34e9aaf0415e1e0c5cdb2fd3dbf210f9

SHA512
8a15b4fe972b143a3bd2142ae86b752d3cff069fb9a2c3abe8f3d06f66cfa1f71af846417a82692b1461059ac65c7888dc3de17c36d2649b2bf5b06098b73858

Download Submit
\Users\Admin\AppData\Local\Temp\968a31d090f2115347010cf46cc580e0.exe

Filesize
1.0MB

MD5
86a92b8be14b9888f740e3c2d6c51717

SHA1
8cacd3126d47b88cca23fc28ab50d30cbd92011f

SHA256
c0e85656a0d26c31f73b1440b9cc1d249ddca178f05407e34bafa25cb8466394

SHA512
c0a12b0daa2904213343273d6f26f113636e56253bbe9d8c08173fd63fb3f89ef6838939a85ea7ff4ce9996fd0f1563fc330085a1e7b4f23dbb364a916bebb9f

Download Submit
memory/1204-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1204-2-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/1204-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1204-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1204-15-0x0000000003800000-0x0000000003C6A000-memory.dmp

Filesize
4.4MB

Download
memory/2652-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2652-18-0x0000000000270000-0x0000000000382000-memory.dmp

Filesize
1.1MB

Download
memory/2652-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2652-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download