59e00d1117238f8f499058d2cb48409bcffe4263c52a2530c1f5717c95e514ca

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14-02-2024 02:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a8be058b3c3ed72b59de20c070a2aa8.exe
Size

5.3MB
MD5

9a8be058b3c3ed72b59de20c070a2aa8
SHA1

f8940b780b88bdc212ab96de64758fedb76c5827
SHA256

59e00d1117238f8f499058d2cb48409bcffe4263c52a2530c1f5717c95e514ca
SHA512

994ad283ed603f7b830b1d9335baeeaf919181c20b8dd23a4ed8b39532cd84d8031ecf370d437a988e8a7ac76adc92d1cca7f7531c6da93d3ae6c2bd91ae83dd
SSDEEP

98304:OjQ3q2YaJE8HSof/nw4JsqNvMoYD3FwHVN1LR+1igHI7ZjHSof/nw4JsqNvMoYDm:Oj6E8/ffxsgUwHSIddj/ffxsgUwD

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2800	9a8be058b3c3ed72b59de20c070a2aa8.exe

Executes dropped EXE 1 IoCs

pid	Process
2800	9a8be058b3c3ed72b59de20c070a2aa8.exe

Loads dropped DLL 1 IoCs

pid	Process
2508	9a8be058b3c3ed72b59de20c070a2aa8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2508-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012255-10.dat	upx
behavioral1/files/0x000b000000012255-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2508	9a8be058b3c3ed72b59de20c070a2aa8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2508	9a8be058b3c3ed72b59de20c070a2aa8.exe
2800	9a8be058b3c3ed72b59de20c070a2aa8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2800	2508	9a8be058b3c3ed72b59de20c070a2aa8.exe	28
PID 2508 wrote to memory of 2800	2508	9a8be058b3c3ed72b59de20c070a2aa8.exe	28
PID 2508 wrote to memory of 2800	2508	9a8be058b3c3ed72b59de20c070a2aa8.exe	28
PID 2508 wrote to memory of 2800	2508	9a8be058b3c3ed72b59de20c070a2aa8.exe	28

C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe
"C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe
  C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe

Filesize
2.3MB

MD5
15f589fb6074cba2514d92155ba2e116

SHA1
ceaf60381d80ed045c52ac03f190f7581a652661

SHA256
1c908b39c24ee7db46952af130d1d00407cc193b5da442dcbebdad523db65f3c

SHA512
21b4a8b5072d2d7f32d02e7e1c7b97f6564ac8f0bf1e8571f4db0bff51db1945ba34c9cbb46e768ada5e09dcb28f5f7b209a07e3d18fe2eaefe08cc6b328285c

Download Submit
\Users\Admin\AppData\Local\Temp\9a8be058b3c3ed72b59de20c070a2aa8.exe

Filesize
2.4MB

MD5
e17abe75e50cd2eb0e6c78bbd576dbf2

SHA1
63155b56b4af6875366dd7c07739eff31f828029

SHA256
3e0a30949f98416d5460cb513ed16125ff6cba9cb7f1a27c1c9bad54afb555cc

SHA512
d03da0a4683b3534327f577b33a555b24d1143a3caca234b3053af3ea15c81b5297a85af93827b50e87164384a3ceefd83b13ddcfc67a5f9544fde72429d13b8

Download Submit
memory/2508-31-0x0000000003F90000-0x0000000004477000-memory.dmp

Filesize
4.9MB

Download
memory/2508-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2508-2-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2508-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2508-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2508-15-0x0000000003F90000-0x0000000004477000-memory.dmp

Filesize
4.9MB

Download
memory/2800-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2800-17-0x00000000002B0000-0x00000000003E1000-memory.dmp

Filesize
1.2MB

Download
memory/2800-23-0x00000000032B0000-0x00000000034D2000-memory.dmp

Filesize
2.1MB

Download
memory/2800-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2800-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2800-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download