ae368afe31d88dd8245a354380325c2eb600aa9f4f69d6ea0aeba214adcc0602

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 20:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a2b9101b2581cbec3d271905c19b4308.exe
Size

5.3MB
MD5

a2b9101b2581cbec3d271905c19b4308
SHA1

5575863f4436a461143cd52735d644d9dec08ebc
SHA256

ae368afe31d88dd8245a354380325c2eb600aa9f4f69d6ea0aeba214adcc0602
SHA512

c0c357aa9331e2cb0289af7335aed3a53683474cb2181fc676b317d80e81c395f312d8ae275dd454e7a22a73d5f7a8ce86a0b12bc61713df7d3b6e4292e3d987
SSDEEP

98304:UCNHxWzhtLRSPv64i956mSLMWzvHEphW+EA4hGSPv64i956mSLMW:nFxWzht1SPv64i95HAMuEpiThGSPv64e

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2296	a2b9101b2581cbec3d271905c19b4308.exe

Executes dropped EXE 1 IoCs

pid	Process
2296	a2b9101b2581cbec3d271905c19b4308.exe

Loads dropped DLL 1 IoCs

pid	Process
1248	a2b9101b2581cbec3d271905c19b4308.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1248-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012255-11.dat	upx
behavioral1/files/0x000a000000012255-13.dat	upx
behavioral1/files/0x000a000000012255-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1248	a2b9101b2581cbec3d271905c19b4308.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1248	a2b9101b2581cbec3d271905c19b4308.exe
2296	a2b9101b2581cbec3d271905c19b4308.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 2296	1248	a2b9101b2581cbec3d271905c19b4308.exe	28
PID 1248 wrote to memory of 2296	1248	a2b9101b2581cbec3d271905c19b4308.exe	28
PID 1248 wrote to memory of 2296	1248	a2b9101b2581cbec3d271905c19b4308.exe	28
PID 1248 wrote to memory of 2296	1248	a2b9101b2581cbec3d271905c19b4308.exe	28

C:\Users\Admin\AppData\Local\Temp\a2b9101b2581cbec3d271905c19b4308.exe
"C:\Users\Admin\AppData\Local\Temp\a2b9101b2581cbec3d271905c19b4308.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Users\Admin\AppData\Local\Temp\a2b9101b2581cbec3d271905c19b4308.exe
  C:\Users\Admin\AppData\Local\Temp\a2b9101b2581cbec3d271905c19b4308.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a2b9101b2581cbec3d271905c19b4308.exe

Filesize
4.8MB

MD5
714a61803a17a642ac20cfa2628337c8

SHA1
2c9313bcde6bb21a38bce759287eb58d5417d1fc

SHA256
6692285c7767529fe584ba0de0d534d7ce2f749c6c3a2ed3073501675ac68c23

SHA512
36ee633f3c6baca144b233e40f46297d95a182b7f933fdba4a90fb4fdfa027afbecf1a54781048f4b7e4d69efddd6c5bf132308413ed4e8cc304115f3116692e

Download Submit
C:\Users\Admin\AppData\Local\Temp\a2b9101b2581cbec3d271905c19b4308.exe

Filesize
4.5MB

MD5
7499a4a022529f1660af96661ae832a4

SHA1
d2e686605bfbe92ca5a60219aab40bcb8a0ce38d

SHA256
b7c26e4724a410137225e4fe2dfe3e57768f3a630875d113616ab062a578bba4

SHA512
e3f567f50be9f6f145f945edad5bf809f22395df475cc99b033dd54a6eb870d664cc28ba61c5cc53e6258fc92036cdb153316745d4d5b3ef44282c0abfa31648

Download Submit
\Users\Admin\AppData\Local\Temp\a2b9101b2581cbec3d271905c19b4308.exe

Filesize
4.3MB

MD5
f25282bf9dfb23fd315d4cf17e4e999c

SHA1
a69ca71e93ddfe97433b0be2e861a21f9d0f07ee

SHA256
a849a6d3701c2cdc8c70e473b9b48206f19d47fa758ab4df7015b44c7e9f50e6

SHA512
acdc932b6c2a3ad44bd9fe65d0613a33f8d8b5cf253bf0436a7d62059faf55c0d1ae56702c93830e1dc3d2ae86b7b4bda04635f90218a7a68c4bd5a3bf961dd8

Download Submit
memory/1248-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1248-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1248-16-0x0000000003EA0000-0x000000000430A000-memory.dmp

Filesize
4.4MB

Download
memory/1248-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1248-2-0x0000000000280000-0x0000000000392000-memory.dmp

Filesize
1.1MB

Download
memory/1248-26-0x0000000003EA0000-0x000000000430A000-memory.dmp

Filesize
4.4MB

Download
memory/2296-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2296-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2296-19-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2296-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download