6f5fc29ba8fa21daf6d6cfe652098043de1d722048a06ed3d0d4bbeb744a2bb5

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 09:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96cea24e7d668d9b8db32861b8270106.exe
Size

5.8MB
MD5

96cea24e7d668d9b8db32861b8270106
SHA1

ae84bfc8ceede3f39697a0bb6b8bfb249077f1b4
SHA256

6f5fc29ba8fa21daf6d6cfe652098043de1d722048a06ed3d0d4bbeb744a2bb5
SHA512

742503dcbd5b7c29f1d2c76654bf3c4e61c1436f813407d273b363a58be7fe75dda16904bff4f61fae1b6424e671790bbb8915da0bc094087ea9d287644d884c
SSDEEP

98304:pQLKHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:0gauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1720	96cea24e7d668d9b8db32861b8270106.exe

Executes dropped EXE 1 IoCs

pid	Process
1720	96cea24e7d668d9b8db32861b8270106.exe

Loads dropped DLL 1 IoCs

pid	Process
2000	96cea24e7d668d9b8db32861b8270106.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2000-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00090000000120e1-10.dat	upx
behavioral1/files/0x00090000000120e1-14.dat	upx
behavioral1/memory/1720-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2000	96cea24e7d668d9b8db32861b8270106.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2000	96cea24e7d668d9b8db32861b8270106.exe
1720	96cea24e7d668d9b8db32861b8270106.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1720	2000	96cea24e7d668d9b8db32861b8270106.exe	28
PID 2000 wrote to memory of 1720	2000	96cea24e7d668d9b8db32861b8270106.exe	28
PID 2000 wrote to memory of 1720	2000	96cea24e7d668d9b8db32861b8270106.exe	28
PID 2000 wrote to memory of 1720	2000	96cea24e7d668d9b8db32861b8270106.exe	28

C:\Users\Admin\AppData\Local\Temp\96cea24e7d668d9b8db32861b8270106.exe
"C:\Users\Admin\AppData\Local\Temp\96cea24e7d668d9b8db32861b8270106.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Users\Admin\AppData\Local\Temp\96cea24e7d668d9b8db32861b8270106.exe
  C:\Users\Admin\AppData\Local\Temp\96cea24e7d668d9b8db32861b8270106.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\96cea24e7d668d9b8db32861b8270106.exe

Filesize
149KB

MD5
d255173c2cffd56dd9a5c80cfe9c03f6

SHA1
a9a82b34e4813d7e55382e71872a83c90eca3ba8

SHA256
117d3679ee92d00ee26a13418d60c7ea7f89877117e10e5cbc129e35a0947c9b

SHA512
317e0abd8c802c1e9128742e44e164c095863ad8cdb3d891f29e595b6c0a88949f7b9ffdc57ef5fa940241cb3a87dba576b779943787e412748004695ea5e7ed

Download Submit
\Users\Admin\AppData\Local\Temp\96cea24e7d668d9b8db32861b8270106.exe

Filesize
576KB

MD5
a7d8edac84088e204c86cb3bac03d19e

SHA1
b3a2b9731f1340444fd1b3eca2ac66ecea174371

SHA256
cde016daa298369c1f4fd77857aa0b4a3f944a26075fce3f7286b8b3bbf9bb38

SHA512
c6888b538343975f6955b3a6cf26c23c10acf3fb0c58865f3707b191199ee5a155d7bea9d4b341fdf2a87bc33ba20ef808ee46bfaea219c8c07310893e303584

Download Submit
memory/1720-17-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/1720-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1720-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1720-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1720-25-0x0000000003510000-0x000000000373A000-memory.dmp

Filesize
2.2MB

Download
memory/1720-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2000-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2000-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2000-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2000-13-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2000-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download