0af4f6a85b1984410cc69278b7387db863c414c1fedc6bf9ca4e12417e4f2d13

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9966b8ca69992a1abbce5c05c90ead34.exe
Size

1.3MB
MD5

9966b8ca69992a1abbce5c05c90ead34
SHA1

7194d0c94d6fff99ad537237d996f789b3698934
SHA256

0af4f6a85b1984410cc69278b7387db863c414c1fedc6bf9ca4e12417e4f2d13
SHA512

120acd2208135644c3241082111459218ce7715c74aa360fb5bd88754b15a29044cf0aa5327cc8ab549da99a1769196c09671a1b1409e3768e88cb0da2221a31
SSDEEP

24576:56t5pUotapxNauj7PKmDitUpg/Q/5rxjtslMROTM5Q5bssGWc:0t5CoyT7i/YCO9OQSDGp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2652	9966b8ca69992a1abbce5c05c90ead34.exe

Executes dropped EXE 1 IoCs

pid	Process
2652	9966b8ca69992a1abbce5c05c90ead34.exe

Loads dropped DLL 1 IoCs

pid	Process
1888	9966b8ca69992a1abbce5c05c90ead34.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1888-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012234-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1888	9966b8ca69992a1abbce5c05c90ead34.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1888	9966b8ca69992a1abbce5c05c90ead34.exe
2652	9966b8ca69992a1abbce5c05c90ead34.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1888 wrote to memory of 2652	1888	9966b8ca69992a1abbce5c05c90ead34.exe	28
PID 1888 wrote to memory of 2652	1888	9966b8ca69992a1abbce5c05c90ead34.exe	28
PID 1888 wrote to memory of 2652	1888	9966b8ca69992a1abbce5c05c90ead34.exe	28
PID 1888 wrote to memory of 2652	1888	9966b8ca69992a1abbce5c05c90ead34.exe	28

C:\Users\Admin\AppData\Local\Temp\9966b8ca69992a1abbce5c05c90ead34.exe
"C:\Users\Admin\AppData\Local\Temp\9966b8ca69992a1abbce5c05c90ead34.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1888
- C:\Users\Admin\AppData\Local\Temp\9966b8ca69992a1abbce5c05c90ead34.exe
  C:\Users\Admin\AppData\Local\Temp\9966b8ca69992a1abbce5c05c90ead34.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9966b8ca69992a1abbce5c05c90ead34.exe

Filesize
1.3MB

MD5
0d5e5ca8f430987653a20b66766bede6

SHA1
03cdbcaa9986a15b83da74a9cc38d155ad574371

SHA256
d0028b586ea61bd4b0b426094f9640abf4b455f0383eaf645bcfdb1365a4d54c

SHA512
79374a3a270c044526afc1ea712c43ddde10188b051d16f4fe029f1fceed35db24903e466d60b1e28444b76d7cbdce9d9ba73099425b110f557139073d010128

Download Submit
memory/1888-31-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/1888-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1888-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1888-14-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/1888-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1888-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2652-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2652-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2652-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2652-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2652-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2652-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download