3c093695f4b07e2c15080f879fed460df1488ae2e5c463d192e7e78ac1114fed

Analysis

max time kernel
120s
max time network
177s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3e5706af5771d6d08c34629de1545d4.exe
Size

2.9MB
MD5

a3e5706af5771d6d08c34629de1545d4
SHA1

fd5105546841e33fcf81d9e959a568b5d0f51f34
SHA256

3c093695f4b07e2c15080f879fed460df1488ae2e5c463d192e7e78ac1114fed
SHA512

887b47e1f7cbab463f8c46915cb67b6d0360c5537f6aa73ff3a190ab503ab3e68acb60cdef0088102106aa730b7b0b22b946c96c72697febdd7dfaaaf4bd2d83
SSDEEP

49152:B/QVUtSoEbKb/Aa8VjX91o+0/C8c32vSP4M338dB2IBlGuuDVUsdxxjeQZwxPYRr:B/QGtPMKb/8O4R3xgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2688	a3e5706af5771d6d08c34629de1545d4.exe

Executes dropped EXE 1 IoCs

pid	Process
2688	a3e5706af5771d6d08c34629de1545d4.exe

Loads dropped DLL 1 IoCs

pid	Process
1944	a3e5706af5771d6d08c34629de1545d4.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1944-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0028000000012265-10.dat	upx
behavioral1/files/0x0028000000012265-15.dat	upx
behavioral1/memory/2688-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/1944-13-0x00000000037F0000-0x0000000003CDF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1944	a3e5706af5771d6d08c34629de1545d4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1944	a3e5706af5771d6d08c34629de1545d4.exe
2688	a3e5706af5771d6d08c34629de1545d4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2688	1944	a3e5706af5771d6d08c34629de1545d4.exe	29
PID 1944 wrote to memory of 2688	1944	a3e5706af5771d6d08c34629de1545d4.exe	29
PID 1944 wrote to memory of 2688	1944	a3e5706af5771d6d08c34629de1545d4.exe	29
PID 1944 wrote to memory of 2688	1944	a3e5706af5771d6d08c34629de1545d4.exe	29

C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe
"C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe
  C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe

Filesize
640KB

MD5
c68c2778c1f480c652861a005e210e7a

SHA1
5f110e2f9a8c3a96b96c90ae498fc7675e435e91

SHA256
60d7da4f0373022004a87aabaed7668427fb542fbe8df8dde3e5ec23791ae299

SHA512
51f7158378cda48fb32dcedc68c2693163d470dbdb564023937eb8b7219c6d0492228b2dd94d273ce5bef790a4d9fbeb878e0e1892a9e9194800d10e806ac065

Download Submit
\Users\Admin\AppData\Local\Temp\a3e5706af5771d6d08c34629de1545d4.exe

Filesize
1.1MB

MD5
63d152807ffd2127be86aab29d19197b

SHA1
4d18c0dea92d1919f175a8bc4348e62508f68cd5

SHA256
8d7e1103ac66d80074532cc22a9f06649119954750fa35b57ed43db734f167ca

SHA512
61bb86cdd28d8eb8a0b8634099c30da337aef7063afb6bf11cf8e4f8c0e8817d678253751045feb79766b6fb5b19ba34997a820f3c665c4091c391f2d32967b5

Download Submit
memory/1944-13-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/1944-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1944-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1944-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1944-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1944-30-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2688-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2688-19-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/2688-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2688-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2688-24-0x0000000003660000-0x000000000388A000-memory.dmp

Filesize
2.2MB

Download
memory/2688-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download