d12a32d2b595b77f030f8fffe486be3ce4ab574c29c7d2f94ce7a811baf9c367

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96de858a81e0830e4d69dda32411a3e6.exe
Size

5.8MB
MD5

96de858a81e0830e4d69dda32411a3e6
SHA1

6ef1fae4321c17c9c3407f0159a194ac53eff282
SHA256

d12a32d2b595b77f030f8fffe486be3ce4ab574c29c7d2f94ce7a811baf9c367
SHA512

cbccef05fcec0238d6d30a43c9d6fa466292d9d500d02f59435143749ed50ece4b52d14f00c4f25b696301cbb4e0d34772319eaa0ea45d75fa7497ad93a28492
SSDEEP

98304:quS+NkF+mV/v1wmwJOKXGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UE1:qiNkFByO+GhRaaCkN9qHGhRa

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2172	96de858a81e0830e4d69dda32411a3e6.exe

Executes dropped EXE 1 IoCs

pid	Process
2172	96de858a81e0830e4d69dda32411a3e6.exe

Loads dropped DLL 1 IoCs

pid	Process
2052	96de858a81e0830e4d69dda32411a3e6.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2052-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012262-12.dat	upx
behavioral1/files/0x000b000000012262-14.dat	upx
behavioral1/files/0x000b000000012262-10.dat	upx
behavioral1/memory/2172-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2052	96de858a81e0830e4d69dda32411a3e6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2052	96de858a81e0830e4d69dda32411a3e6.exe
2172	96de858a81e0830e4d69dda32411a3e6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2172	2052	96de858a81e0830e4d69dda32411a3e6.exe	28
PID 2052 wrote to memory of 2172	2052	96de858a81e0830e4d69dda32411a3e6.exe	28
PID 2052 wrote to memory of 2172	2052	96de858a81e0830e4d69dda32411a3e6.exe	28
PID 2052 wrote to memory of 2172	2052	96de858a81e0830e4d69dda32411a3e6.exe	28

C:\Users\Admin\AppData\Local\Temp\96de858a81e0830e4d69dda32411a3e6.exe
"C:\Users\Admin\AppData\Local\Temp\96de858a81e0830e4d69dda32411a3e6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\96de858a81e0830e4d69dda32411a3e6.exe
  C:\Users\Admin\AppData\Local\Temp\96de858a81e0830e4d69dda32411a3e6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\96de858a81e0830e4d69dda32411a3e6.exe

Filesize
960KB

MD5
4aa40854193be75e48f3f1d215e10433

SHA1
a78154e806dacc8722ab7e35e0bc9634a3e232b7

SHA256
b3a667ef8b603fed9fa411caf0e9523903290042c138e0b0180a4e02fa5a6217

SHA512
cea629e3721b6d8a3ac02611403ad7f179d15e544a24fadcc68405f99fb06e10ec7a0534bcbd05c5eb705925c3dcff1f982ec52121d5bd758b1aec8b847a2cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\96de858a81e0830e4d69dda32411a3e6.exe

Filesize
4.8MB

MD5
65a4cebad582ca868fea534c6375b1f8

SHA1
455048d398c9f9b451b6a3380607d70604c8d008

SHA256
c2d8af3b9fc4d85a3121592233dc3d7560a2010770820c552dd13883e6b86788

SHA512
a2a114b70b06a6f4e512135f9bd5a7f4c21bda72a837525ac132106658779c15c638f3f65615164acc4fff188d0634a2bdc19b86d07ced6da2da0d94e5631a14

Download Submit
\Users\Admin\AppData\Local\Temp\96de858a81e0830e4d69dda32411a3e6.exe

Filesize
5.8MB

MD5
f6473e7ed58c897b99a1bb43104f619c

SHA1
fb0529ba152b59ac1852339f010fba49050cd1b2

SHA256
be3a09891e2c5a13ec183d6af5eb0a34b19beebd26fc1c92b5cc75252bd14596

SHA512
ad798782f3316511e0286cb8385a765752f5a02eefc0950bf13c1cf15a4c3b1aed9b9b415bc1610dee8d895c6c4de0d13312177a22c3310524e06756ac2c5fba

Download Submit
memory/2052-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2052-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2172-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2172-17-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2172-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2172-24-0x0000000003670000-0x000000000389A000-memory.dmp

Filesize
2.2MB

Download
memory/2172-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2172-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download