d034d9e96963ae874b6a50629e9f5b28046bb2d52648f2f0e8cb35d1a279f86b

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a19c810cba7ec2b9e8baec67d51c966f.exe
Size

1.5MB
MD5

a19c810cba7ec2b9e8baec67d51c966f
SHA1

b56908e8767f724cfcf38da7c1ed34629b14e0aa
SHA256

d034d9e96963ae874b6a50629e9f5b28046bb2d52648f2f0e8cb35d1a279f86b
SHA512

78a68d0b342c25b427471a7ef52a99a674d28d95fa5bcada8a3a0b3f4c73cbd511ffff4ee46f81914df48e7d76ccb8795473a1ff30aad6864fa4e92766f978e1
SSDEEP

24576:EQncqg30A7vJC8RRGy30dmRp47wp0MxJMIQCQ5tPB0d2vehxCiyW:EsctnJC4RGy30d4p0kKCQtPB0damq

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2936	a19c810cba7ec2b9e8baec67d51c966f.exe

Executes dropped EXE 1 IoCs

pid	Process
2936	a19c810cba7ec2b9e8baec67d51c966f.exe

Loads dropped DLL 1 IoCs

pid	Process
1864	a19c810cba7ec2b9e8baec67d51c966f.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1864-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001223a-10.dat	upx
behavioral1/memory/1864-14-0x0000000003640000-0x0000000003B2F000-memory.dmp	upx
behavioral1/files/0x000b00000001223a-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1864	a19c810cba7ec2b9e8baec67d51c966f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1864	a19c810cba7ec2b9e8baec67d51c966f.exe
2936	a19c810cba7ec2b9e8baec67d51c966f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 2936	1864	a19c810cba7ec2b9e8baec67d51c966f.exe	28
PID 1864 wrote to memory of 2936	1864	a19c810cba7ec2b9e8baec67d51c966f.exe	28
PID 1864 wrote to memory of 2936	1864	a19c810cba7ec2b9e8baec67d51c966f.exe	28
PID 1864 wrote to memory of 2936	1864	a19c810cba7ec2b9e8baec67d51c966f.exe	28

C:\Users\Admin\AppData\Local\Temp\a19c810cba7ec2b9e8baec67d51c966f.exe
"C:\Users\Admin\AppData\Local\Temp\a19c810cba7ec2b9e8baec67d51c966f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Users\Admin\AppData\Local\Temp\a19c810cba7ec2b9e8baec67d51c966f.exe
  C:\Users\Admin\AppData\Local\Temp\a19c810cba7ec2b9e8baec67d51c966f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a19c810cba7ec2b9e8baec67d51c966f.exe

Filesize
1.5MB

MD5
f7a17cc595d89b4e0b9779db4b88d388

SHA1
3e8dbaa31e0d906c8dd8e6289e47f6571329d4d6

SHA256
259e121420e36922b0e333134f149ca767785a72648babd8e9845bda8087beb0

SHA512
de2ef5d7172b9c66028826b772fd289841e5eb873050e4ba319133723dfeaf630f818445650d4b31aeb2905c1025bd60260610b6e2a9e2a3d7fa3eef2fbea992

Download Submit
\Users\Admin\AppData\Local\Temp\a19c810cba7ec2b9e8baec67d51c966f.exe

Filesize
64KB

MD5
a80b03f03d830d47c656e1f2660ad2d5

SHA1
ed3ede4d7a8fba671e3770b64acde3137cd6b7bc

SHA256
901e6939eee8a08f724d5f412657ae8c13804f4266ec4100998dcc1876651cbb

SHA512
1fe985f52a1ee1d9161f7da23f9a40171496e3e77eaad9594ec9c6ff17b9c5c94a10d36fc900cd3606d67fd5e4757fc61cd9dd2eb5c40adfee097c8848da194d

Download Submit
memory/1864-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/1864-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1864-14-0x0000000003640000-0x0000000003B2F000-memory.dmp

Filesize
4.9MB

Download
memory/1864-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1864-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2936-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2936-21-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2936-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2936-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2936-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2936-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download