111f9dd3ea25e67300f2eb3786f931e5dbf2ba0d5fce84dda995dd5501d95924

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9934199425ee916a450ee65e1ed16a17.exe
Size

2.7MB
MD5

9934199425ee916a450ee65e1ed16a17
SHA1

8b5fc0fd75ac82a3f6f62929c2064bd77563b3e4
SHA256

111f9dd3ea25e67300f2eb3786f931e5dbf2ba0d5fce84dda995dd5501d95924
SHA512

d45b7dcd8f25ff782864290f236d6aaddfa40b835548d9f71173f12846110439bfa525c83e57d88bc10775f0033ab960d776932eebf77825f23411474137528e
SSDEEP

49152:uawUAHuq8/kHOh8BytBic7maX/IDM66EiR9X+tIqZ3mRmijLuapH4V+fS2zJHRmD:xtku2c/IY66LHObZ2RNG/+fS2aHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2136	9934199425ee916a450ee65e1ed16a17.exe

Executes dropped EXE 1 IoCs

pid	Process
2136	9934199425ee916a450ee65e1ed16a17.exe

Loads dropped DLL 1 IoCs

pid	Process
2108	9934199425ee916a450ee65e1ed16a17.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2108-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0007000000012281-10.dat	upx
behavioral1/files/0x0007000000012281-12.dat	upx
behavioral1/files/0x0007000000012281-13.dat	upx
behavioral1/memory/2136-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2108	9934199425ee916a450ee65e1ed16a17.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2108	9934199425ee916a450ee65e1ed16a17.exe
2136	9934199425ee916a450ee65e1ed16a17.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2108 wrote to memory of 2136	2108	9934199425ee916a450ee65e1ed16a17.exe	28
PID 2108 wrote to memory of 2136	2108	9934199425ee916a450ee65e1ed16a17.exe	28
PID 2108 wrote to memory of 2136	2108	9934199425ee916a450ee65e1ed16a17.exe	28
PID 2108 wrote to memory of 2136	2108	9934199425ee916a450ee65e1ed16a17.exe	28

C:\Users\Admin\AppData\Local\Temp\9934199425ee916a450ee65e1ed16a17.exe
"C:\Users\Admin\AppData\Local\Temp\9934199425ee916a450ee65e1ed16a17.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Users\Admin\AppData\Local\Temp\9934199425ee916a450ee65e1ed16a17.exe
  C:\Users\Admin\AppData\Local\Temp\9934199425ee916a450ee65e1ed16a17.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9934199425ee916a450ee65e1ed16a17.exe

Filesize
2.7MB

MD5
a2e52916e6c38c72ff07f367b52ecc1a

SHA1
bb42ef2affee8ab1f086c7643621589fc9d5371d

SHA256
237199fe2328624620be8d376e002696f29be748377f488154b1a599017d83db

SHA512
26ae56584f476dcf662996dbbbfbfde468fc1f6310a883e7dd46127287532940b91b7ef274b23ca8b3833b682b6aa85290ba394278a4173164e405afc2138ecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\9934199425ee916a450ee65e1ed16a17.exe

Filesize
2.4MB

MD5
4433a6700d3d36ad821ff4076cdd49a2

SHA1
742310904a32ac6db0cf7511bec072eecd5c33eb

SHA256
b97bd2178ba0c909bce49b49ee35c7e80de264511d6c2d86c1a1502cd1a6c989

SHA512
8c1120fde3bc5c1d307672877bcafd2a656691a06b4378b2c5a2cba73097e125b2bd2ec4af91c601e4a0a983d74572fd79d25c28425b3f8299f9201ae4171fdd

Download Submit
\Users\Admin\AppData\Local\Temp\9934199425ee916a450ee65e1ed16a17.exe

Filesize
2.6MB

MD5
0280682121dcda65d90270c75ecb091f

SHA1
21d10b25565c5d7c4620196f25d4f088fd04ff95

SHA256
628d26210795df4fe9fe6b6def848f21000f9746bb03724d8045811614fc11fa

SHA512
f2cd778e0d728154330aaf0b942f31ded5ac6cb908a98a18a4f70a6935e4cac2c9ca901e7aa9e55cb392afa43d5a5a9c8cd4a4a1263f252a43667c9bcf5dd85a

Download Submit
memory/2108-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2108-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2108-15-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2108-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2108-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2108-31-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2136-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2136-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2136-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2136-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2136-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2136-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download