1cd61c186a32e90ed7fb21840d29bab2777807c4d8e732b154e58bf737710444

Analysis

max time kernel
120s
max time network
140s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 05:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a304088994dd64cedd3a9d6a10953d9b.exe
Size

1.3MB
MD5

a304088994dd64cedd3a9d6a10953d9b
SHA1

f05b0ac32b6aaa50172d9225d2a524018f988535
SHA256

1cd61c186a32e90ed7fb21840d29bab2777807c4d8e732b154e58bf737710444
SHA512

2aee01bdbad9e8f650887ec498a9cc5bd0ca3cd3fcf5394d8bd4984d2c63e7d1cf893687b0017066e56939f1fba8e0f28cf03eb95d0cf8ff93c221d98b829604
SSDEEP

24576:t0q+mF1i1HLd1ALCZfAmkv1tc7mLBuMBoiXobCVTJJRkOHvG:tWtrAIWnLBuLggCVTTRkO

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2576	a304088994dd64cedd3a9d6a10953d9b.exe

Executes dropped EXE 1 IoCs

pid	Process
2576	a304088994dd64cedd3a9d6a10953d9b.exe

Loads dropped DLL 1 IoCs

pid	Process
2200	a304088994dd64cedd3a9d6a10953d9b.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2200-1-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000c000000012258-11.dat	upx
behavioral1/files/0x000c000000012258-15.dat	upx
behavioral1/files/0x000c000000012258-13.dat	upx
behavioral1/memory/2576-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2200	a304088994dd64cedd3a9d6a10953d9b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2200	a304088994dd64cedd3a9d6a10953d9b.exe
2576	a304088994dd64cedd3a9d6a10953d9b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2576	2200	a304088994dd64cedd3a9d6a10953d9b.exe	28
PID 2200 wrote to memory of 2576	2200	a304088994dd64cedd3a9d6a10953d9b.exe	28
PID 2200 wrote to memory of 2576	2200	a304088994dd64cedd3a9d6a10953d9b.exe	28
PID 2200 wrote to memory of 2576	2200	a304088994dd64cedd3a9d6a10953d9b.exe	28

C:\Users\Admin\AppData\Local\Temp\a304088994dd64cedd3a9d6a10953d9b.exe
"C:\Users\Admin\AppData\Local\Temp\a304088994dd64cedd3a9d6a10953d9b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\a304088994dd64cedd3a9d6a10953d9b.exe
  C:\Users\Admin\AppData\Local\Temp\a304088994dd64cedd3a9d6a10953d9b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a304088994dd64cedd3a9d6a10953d9b.exe

Filesize
1.3MB

MD5
d388e73d60d39a4d2e933a91f16263c9

SHA1
58783e93917fed7a6c55f762a4acb8595f1e007c

SHA256
7270eb26d0febf1a0e0070d97da9a124bd2fe2c9b02e4613e94a6307021f8a46

SHA512
8163b545b75ddb9882313c9dbca6355449b258291fc22415cc373fd677e165cb508156966d4b6c4521a69c9d76fdd851bb9a82d11c52506363ab5e28a07025fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\a304088994dd64cedd3a9d6a10953d9b.exe

Filesize
64KB

MD5
330145ecd03d878532dea1768f5ff8e4

SHA1
3d8133eb6c180f7f258476dea55099de1bb18213

SHA256
fe7fc75724ce57e95c478e0329552b606c4feee8e7e5c56daf434058dc282376

SHA512
48abb6e973bffafac956dc536eb333e4d3173530523512ccf9e43f810a99006c5613ee2400096ea5e7ba3ed55da640b7c28e4050b9db843e8769462c5894e9d8

Download Submit
\Users\Admin\AppData\Local\Temp\a304088994dd64cedd3a9d6a10953d9b.exe

Filesize
652KB

MD5
a19abca67cefc0d610d5c88a0b702266

SHA1
e275b8fb62d8b9c905dcd55ef7b42a8c0289bcc6

SHA256
00cba626206ec7a1b46c7895ce5b4427f7af0c2ce5f23f025a63dc5a3e4afbb6

SHA512
aa3db2f595f87c9d2bf55fca9f3e0c4fa6a17a100586df090252d9d61e3260fe67d013005cf59ecbd9adbd2ef40e7bb5e0c64e991d26c1b74c0d875478b1d1f9

Download Submit
memory/2200-1-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2200-3-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2200-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2200-0-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2200-16-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2200-26-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2576-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2576-18-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2576-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2576-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download