b4aa7f85ea26f14899fffa322dfefe1303912d88f319387b2b64c6d389f2b2ec

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a21e0599afe06362cf1269bd7d09d938.exe
Size

5.8MB
MD5

a21e0599afe06362cf1269bd7d09d938
SHA1

1a840676e6c7845b2e7b956ed072d65d8bd4ea5c
SHA256

b4aa7f85ea26f14899fffa322dfefe1303912d88f319387b2b64c6d389f2b2ec
SHA512

efcdac042a67f47e3d24ad5e2d0a3ae4204b2a482cc3be38485d552a25830a37d52bb85661d945c381a9e62c9834b81ff63e781c0bf57566f69d3f77aa0aa6be
SSDEEP

98304:qqiFOhI6Z/aY9fuZHau42c1joCjMPkNwk6366QOD6O5qjTKIHau42c1joCjMPkNQ:JZhI6ZaY8Fauq1jI86f6U+O5qjT3auqq

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2460	a21e0599afe06362cf1269bd7d09d938.exe

Executes dropped EXE 1 IoCs

pid	Process
2460	a21e0599afe06362cf1269bd7d09d938.exe

Loads dropped DLL 1 IoCs

pid	Process
2116	a21e0599afe06362cf1269bd7d09d938.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2116-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000700000001225f-10.dat	upx
behavioral1/files/0x000700000001225f-14.dat	upx
behavioral1/files/0x000700000001225f-12.dat	upx
behavioral1/memory/2460-15-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2116	a21e0599afe06362cf1269bd7d09d938.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2116	a21e0599afe06362cf1269bd7d09d938.exe
2460	a21e0599afe06362cf1269bd7d09d938.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2460	2116	a21e0599afe06362cf1269bd7d09d938.exe	28
PID 2116 wrote to memory of 2460	2116	a21e0599afe06362cf1269bd7d09d938.exe	28
PID 2116 wrote to memory of 2460	2116	a21e0599afe06362cf1269bd7d09d938.exe	28
PID 2116 wrote to memory of 2460	2116	a21e0599afe06362cf1269bd7d09d938.exe	28

C:\Users\Admin\AppData\Local\Temp\a21e0599afe06362cf1269bd7d09d938.exe
"C:\Users\Admin\AppData\Local\Temp\a21e0599afe06362cf1269bd7d09d938.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\a21e0599afe06362cf1269bd7d09d938.exe
  C:\Users\Admin\AppData\Local\Temp\a21e0599afe06362cf1269bd7d09d938.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a21e0599afe06362cf1269bd7d09d938.exe

Filesize
3.4MB

MD5
f7f5a302fa83eca7297db0c2df55f918

SHA1
5d574f79ec8fae5313d58d956617b5ff6fe792f9

SHA256
10b5a47a7cd94ff40b599f3c80ab43c0e67143f476afc65bfcdf1b879be7a334

SHA512
115b63dce5951bff0201fa0d5247cd3710d89cf3c69034f788ffcc67a39398c126cd363bf83e5ccc790615013e3e12028dccc1aa85887d6ad588f46abd5b2f6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\a21e0599afe06362cf1269bd7d09d938.exe

Filesize
3.1MB

MD5
00094e62dbf7775372d2ec92377d84c3

SHA1
392c4a85bfe84ddf55e253b6587ee02e005d3050

SHA256
2e3b7aa6f068bdc169879f3953474230027bc74937741b5fa1efac3300e7c9ce

SHA512
55e71cbd045a73076c449dfc00dfec2d5190d03cb6b0c569135172306091e527e2e13d910897a0dfc5871cd4c40f338ca164528a211265f58980ef1b70544f76

Download Submit
\Users\Admin\AppData\Local\Temp\a21e0599afe06362cf1269bd7d09d938.exe

Filesize
3.6MB

MD5
d81e1491bc58b9a7abdc3c45dc8b7417

SHA1
6145a8b29228b5ed04e905336cb234dd096be046

SHA256
bda61613ac67cefc184e65be9a982894148eb23ec5c2903b4eb416c60a65300f

SHA512
e33a60cf976b367abefdea7f365a61c4ad762a007b9a03f99c6c9826f9d7582a2d645ac2e44db843b1751616fff9b54964d194b957b957970ecfccfc4f7fd650

Download Submit
memory/2116-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2116-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2116-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2116-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2460-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2460-17-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/2460-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2460-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2460-24-0x00000000036A0000-0x00000000038CA000-memory.dmp

Filesize
2.2MB

Download
memory/2460-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download