41f4ab5ff8f820a11dd1b736ecb3e8cefa6202ecadd932bb9de59c7668563742

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 21:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a2d36ca61e4c87a98e1f2b1478aa937a.exe
Size

2.9MB
MD5

a2d36ca61e4c87a98e1f2b1478aa937a
SHA1

8ed53560c062d5dea3166854f7f217cdd01a85ef
SHA256

41f4ab5ff8f820a11dd1b736ecb3e8cefa6202ecadd932bb9de59c7668563742
SHA512

0457eed8d9ca463b7b85eb5da986dfa43019df96c083a8025b0e25e441f5b870b755947b345b90bb698a7247fa9c03b3685a514ad68413ea6f04fd3924cbf6a6
SSDEEP

49152:hMGqNkGvdKTAOqQct4iAqK/BgBYoc1P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:7x0MsAos/eBYoc1gg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2604	a2d36ca61e4c87a98e1f2b1478aa937a.exe

Executes dropped EXE 1 IoCs

pid	Process
2604	a2d36ca61e4c87a98e1f2b1478aa937a.exe

Loads dropped DLL 1 IoCs

pid	Process
2196	a2d36ca61e4c87a98e1f2b1478aa937a.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2196-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012226-10.dat	upx
behavioral1/memory/2604-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012226-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2196	a2d36ca61e4c87a98e1f2b1478aa937a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2196	a2d36ca61e4c87a98e1f2b1478aa937a.exe
2604	a2d36ca61e4c87a98e1f2b1478aa937a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2604	2196	a2d36ca61e4c87a98e1f2b1478aa937a.exe	28
PID 2196 wrote to memory of 2604	2196	a2d36ca61e4c87a98e1f2b1478aa937a.exe	28
PID 2196 wrote to memory of 2604	2196	a2d36ca61e4c87a98e1f2b1478aa937a.exe	28
PID 2196 wrote to memory of 2604	2196	a2d36ca61e4c87a98e1f2b1478aa937a.exe	28

C:\Users\Admin\AppData\Local\Temp\a2d36ca61e4c87a98e1f2b1478aa937a.exe
"C:\Users\Admin\AppData\Local\Temp\a2d36ca61e4c87a98e1f2b1478aa937a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Users\Admin\AppData\Local\Temp\a2d36ca61e4c87a98e1f2b1478aa937a.exe
  C:\Users\Admin\AppData\Local\Temp\a2d36ca61e4c87a98e1f2b1478aa937a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2d36ca61e4c87a98e1f2b1478aa937a.exe

Filesize
1.9MB

MD5
4ec2cffb99491128ad18c0f7af5261bd

SHA1
3cc9caeea2a13401fe1ba981732b48e6937e66d0

SHA256
396c77bc8fae1269c53c2f86aa7857b1f26ef83bd8cf6a98080dd7c6c53c4d80

SHA512
26877b69b28ba8fd6d536ce0900ce30c7482757c6afa8a846756d79e8077d385a89b777a75d1d4953f9af9e82458acc45f10bfe528929fb2790366c485ff2d9b

Download Submit
\Users\Admin\AppData\Local\Temp\a2d36ca61e4c87a98e1f2b1478aa937a.exe

Filesize
896KB

MD5
65e95d3f556d42bb34ce205e663011af

SHA1
7944a8c075c60f55c5e141e467bb814816d3b9a3

SHA256
c58dd91305fbf5d25ce7dbd36b89ed93437a4e0c3dfdbcd1da998254dad21402

SHA512
619d9a284d834e92297777c63e90338a82340bbd2fbcfee897283feeebd50d528485c7a827108c417c1269b952a678d29a16aaf3b780b2a3bb8f2412ab03bd4b

Download Submit
memory/2196-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2196-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2196-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2196-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2604-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2604-15-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2604-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2604-22-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2604-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2604-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download