4ad0523480f7d9c073ab68a901a4a53ce4a61444120f21ac7a4f4aa519795c21

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/02/2024, 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0ac2d7f9647acd554e45f643578911d.exe
Size

2.4MB
MD5

a0ac2d7f9647acd554e45f643578911d
SHA1

45d55c39e25699e9dcdb1a776cf29005f7e73d4e
SHA256

4ad0523480f7d9c073ab68a901a4a53ce4a61444120f21ac7a4f4aa519795c21
SHA512

b324eb070e35788c6d6acf874c87bb748a669732539782462aadc7abba53c59529fa2246bb8451a1f15de3464d1eb17947473b9942c86345a323a4f25825129e
SSDEEP

49152:Lxi4WHpOCz5d2iFDOnrMNOHP4M338dB2IBlGuuDVUsdxxjr:NDaMCz32y2MNOHgg3gnl/IVUs1jr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2976	a0ac2d7f9647acd554e45f643578911d.exe

Executes dropped EXE 1 IoCs

pid	Process
2976	a0ac2d7f9647acd554e45f643578911d.exe

Loads dropped DLL 1 IoCs

pid	Process
2080	a0ac2d7f9647acd554e45f643578911d.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2080-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001222d-10.dat	upx
behavioral1/files/0x000800000001222d-15.dat	upx
behavioral1/memory/2976-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001222d-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2080	a0ac2d7f9647acd554e45f643578911d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2080	a0ac2d7f9647acd554e45f643578911d.exe
2976	a0ac2d7f9647acd554e45f643578911d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2976	2080	a0ac2d7f9647acd554e45f643578911d.exe	28
PID 2080 wrote to memory of 2976	2080	a0ac2d7f9647acd554e45f643578911d.exe	28
PID 2080 wrote to memory of 2976	2080	a0ac2d7f9647acd554e45f643578911d.exe	28
PID 2080 wrote to memory of 2976	2080	a0ac2d7f9647acd554e45f643578911d.exe	28

C:\Users\Admin\AppData\Local\Temp\a0ac2d7f9647acd554e45f643578911d.exe
"C:\Users\Admin\AppData\Local\Temp\a0ac2d7f9647acd554e45f643578911d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\Temp\a0ac2d7f9647acd554e45f643578911d.exe
  C:\Users\Admin\AppData\Local\Temp\a0ac2d7f9647acd554e45f643578911d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a0ac2d7f9647acd554e45f643578911d.exe

Filesize
2.4MB

MD5
1d412e6bf5e77dbe97703072d7dc2566

SHA1
cac3fa15dcecddac776749297678dbdba314678f

SHA256
43c704d3a1dc7cb2068a65bb4c8b7ae1b4c940580d77cdc8c093e75b36780c73

SHA512
3272dda16914050fb33a652982d4e966f0ac42ac7035db9d7cbf3c7ac68559c242193c6764c4b6348a68f5c8f72345216476941c91de0b2fc161e3fe8f6e3cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\a0ac2d7f9647acd554e45f643578911d.exe

Filesize
1.9MB

MD5
63c72cc00a968d038fb2e6ae51e0fd1f

SHA1
20f7f154190e2f0becc2e0d8cdf0f80043c8f6c1

SHA256
fa05ec8f313bfd0ebbdb345d7cad5dfd58779c47102c02cdeaf70344dfa78445

SHA512
72bc0798a269afca0ec0cf4caa395784677ce556048ed8471f871b147de4b03799adaa63cb47e01a86564aafd5e7e862c30852b7eef26277bcd674bf7f2833b8

Download Submit
\Users\Admin\AppData\Local\Temp\a0ac2d7f9647acd554e45f643578911d.exe

Filesize
1.7MB

MD5
a4010b2d4f073388541d1e87b284ccf0

SHA1
af86b19e55e82d0d6807b5137c4b875f9836e084

SHA256
fa16ef3e4dff0f24626c574d9d66a571eb091dee5d14287bc05e898a6c407530

SHA512
dc613b3563722424078e47eb0fbd5ee4a5ccb9b91f3bf14f8c9b8c097982a52b98a1c97f9eb8f1659358c6a2076c0bd49398508c2d634b78fe80709b69f805dd

Download Submit
memory/2080-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2080-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2080-14-0x00000000036F0000-0x0000000003BDF000-memory.dmp

Filesize
4.9MB

Download
memory/2080-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2080-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2976-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2976-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2976-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2976-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2976-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2976-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download