25605c3866a5b4d406c904645cae8245a0892632de78b27e0d862f4b23e45d37

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96ea66b60442380f50ca9dc253fe5bba.exe
Size

2.9MB
MD5

96ea66b60442380f50ca9dc253fe5bba
SHA1

a1109c1969fd8347245b2d9aa781d1696f946b11
SHA256

25605c3866a5b4d406c904645cae8245a0892632de78b27e0d862f4b23e45d37
SHA512

5925022ab9d19a2ce32fd506887965a238d61428bd8f8b3b18c862cbf81ed49d7a03ff28663b6c4e7880497271c2fd1f6cbe73ca4731caff18ffd282f3e2c70d
SSDEEP

49152:ruRFYFnlMp/CLbSE9CF1OsdN74NH5HUyNRcUsCVOzetdZJ:yRFYFlMgLbSE9y7d4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2480	96ea66b60442380f50ca9dc253fe5bba.exe

Executes dropped EXE 1 IoCs

pid	Process
2480	96ea66b60442380f50ca9dc253fe5bba.exe

Loads dropped DLL 1 IoCs

pid	Process
2232	96ea66b60442380f50ca9dc253fe5bba.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2232-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012252-10.dat	upx
behavioral1/files/0x0009000000012252-12.dat	upx
behavioral1/files/0x0009000000012252-14.dat	upx
behavioral1/memory/2480-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2232	96ea66b60442380f50ca9dc253fe5bba.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2232	96ea66b60442380f50ca9dc253fe5bba.exe
2480	96ea66b60442380f50ca9dc253fe5bba.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2480	2232	96ea66b60442380f50ca9dc253fe5bba.exe	28
PID 2232 wrote to memory of 2480	2232	96ea66b60442380f50ca9dc253fe5bba.exe	28
PID 2232 wrote to memory of 2480	2232	96ea66b60442380f50ca9dc253fe5bba.exe	28
PID 2232 wrote to memory of 2480	2232	96ea66b60442380f50ca9dc253fe5bba.exe	28

C:\Users\Admin\AppData\Local\Temp\96ea66b60442380f50ca9dc253fe5bba.exe
"C:\Users\Admin\AppData\Local\Temp\96ea66b60442380f50ca9dc253fe5bba.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Users\Admin\AppData\Local\Temp\96ea66b60442380f50ca9dc253fe5bba.exe
  C:\Users\Admin\AppData\Local\Temp\96ea66b60442380f50ca9dc253fe5bba.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\96ea66b60442380f50ca9dc253fe5bba.exe

Filesize
768KB

MD5
4dc2344dc82d80f171f8cbce480490ee

SHA1
e987947b465c5d59288dd663c7b515732150b411

SHA256
1b14872749592d0a260df38884939d1f925fd3e7e998e8c97bc77e814b0d19c1

SHA512
ee7b9cae0b8f81176deae7332f5946ecee1a22bc935ddaf2091763810223bf6842c1cd2c91845e6a6d483fcdbd272fbd9bf96f9a656d37ac9873cb1509ddf537

Download Submit
C:\Users\Admin\AppData\Local\Temp\96ea66b60442380f50ca9dc253fe5bba.exe

Filesize
2.4MB

MD5
a7b892ed143b83c43f58e5369912dd57

SHA1
63f66b0401cec8b3d7bf78d8e26f51af2ce07e9b

SHA256
2d3031b1c4857006e01202f4db3771e32264a7c86d15bf813c18e17ca8068526

SHA512
ca7dc197ac3d057189da6274430f80f2886662b3fbb15f28211d88501fb98b428279ccf3851b71eaddbae75acc20721be1648337c8b7cd1df3ae001c8eb37602

Download Submit
\Users\Admin\AppData\Local\Temp\96ea66b60442380f50ca9dc253fe5bba.exe

Filesize
1024KB

MD5
51b77cc64bf98dd798beb5c3f8b676fc

SHA1
4421ac514d56d23e8e445ac88566a95c408164c3

SHA256
891eeb9c3270075d11e82d493b21bc43c5abc7d7d9d40f669a8e5620adc98a5e

SHA512
da1448f825c6dfbf18e306dee94f5fa2dc7a5eecac13f48ab31830e2e662a349aa48166ea862a6b0f33e63aa4108b2ee51fbefe5eef07f9e820738bbeb967dff

Download Submit
memory/2232-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2232-4-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2232-15-0x0000000003980000-0x0000000003E6F000-memory.dmp

Filesize
4.9MB

Download
memory/2232-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2232-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2232-31-0x0000000003980000-0x0000000003E6F000-memory.dmp

Filesize
4.9MB

Download
memory/2480-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2480-17-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2480-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2480-24-0x0000000003540000-0x000000000376A000-memory.dmp

Filesize
2.2MB

Download
memory/2480-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2480-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download