0bee17038baa506186cac46ea76576cedf75c004141fcf61b63e23fd00024876

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a191f3fa0bfeb45d757a21a36ee46061.exe
Size

11.7MB
MD5

a191f3fa0bfeb45d757a21a36ee46061
SHA1

b6832415aa4e85b9ee57bc556a3665fa22f740de
SHA256

0bee17038baa506186cac46ea76576cedf75c004141fcf61b63e23fd00024876
SHA512

e57170a4450ad0bd5fe126f4f10274c4d3ddab0d03a831342f2bd3f388d0afd65dff632267dea128898e244395e5382d1f4429001b1aeb9bb7847ca09e6e297e
SSDEEP

98304:QUrzTwZuUV4HBUCczzM3AZXfbGHZ4EMbC/Hthh4HBUCczzM3yLANEkBjVp4HBUCE:FrzTwZKWCcXf3o2WCfuuoWCcXf3o2WC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2744	a191f3fa0bfeb45d757a21a36ee46061.exe

Executes dropped EXE 1 IoCs

pid	Process
2744	a191f3fa0bfeb45d757a21a36ee46061.exe

Loads dropped DLL 1 IoCs

pid	Process
2936	a191f3fa0bfeb45d757a21a36ee46061.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2936-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012240-10.dat	upx
behavioral1/files/0x000c000000012240-13.dat	upx
behavioral1/memory/2744-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2936	a191f3fa0bfeb45d757a21a36ee46061.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2936	a191f3fa0bfeb45d757a21a36ee46061.exe
2744	a191f3fa0bfeb45d757a21a36ee46061.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2744	2936	a191f3fa0bfeb45d757a21a36ee46061.exe	28
PID 2936 wrote to memory of 2744	2936	a191f3fa0bfeb45d757a21a36ee46061.exe	28
PID 2936 wrote to memory of 2744	2936	a191f3fa0bfeb45d757a21a36ee46061.exe	28
PID 2936 wrote to memory of 2744	2936	a191f3fa0bfeb45d757a21a36ee46061.exe	28

C:\Users\Admin\AppData\Local\Temp\a191f3fa0bfeb45d757a21a36ee46061.exe
"C:\Users\Admin\AppData\Local\Temp\a191f3fa0bfeb45d757a21a36ee46061.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Users\Admin\AppData\Local\Temp\a191f3fa0bfeb45d757a21a36ee46061.exe
  C:\Users\Admin\AppData\Local\Temp\a191f3fa0bfeb45d757a21a36ee46061.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a191f3fa0bfeb45d757a21a36ee46061.exe

Filesize
4.4MB

MD5
73cdec5da9b358392a57eb1fb2200397

SHA1
8c55a81f14281a7e183d87b45442219981617bcb

SHA256
af60c1ab927bbe9f18462ea53f8e9b5e626538f1d82d4c4033205d985c4e59d0

SHA512
207d5bc9a2505f8ffda8d24da151ab6b4b73feef38b6b5f5c8f4aec172c353f4e16bc7562c80d83a8bade9ad6a92a36ae0751a38c2ecded8d3820f2cdd8dd734

Download Submit
\Users\Admin\AppData\Local\Temp\a191f3fa0bfeb45d757a21a36ee46061.exe

Filesize
145KB

MD5
67b40cad51fbe010175257bce6bae14f

SHA1
ab9ec2e3c64f2b9d7697977dd79ec9d3dafa9bd7

SHA256
49887fefdbe59659b269de5518ca52a49c6ad7a27949a4173912becf44c30725

SHA512
65ba4d982be2337cfd000e7e29b2d8c9a1042fe7192f0b0f5bf8afae61b490e33ca53222b8b96fa42ddc26e5fcf447720b0741822dbda689ef5d842a2e4e8b12

Download Submit
memory/2744-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2744-16-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2744-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2744-22-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2744-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2744-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2936-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2936-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2936-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2936-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download