Analysis
-
max time kernel
120s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
25-02-2024 16:32
General
-
Target
a44138ffe164284f6b12a31c9eeb4dbd.exe
-
Size
2.9MB
-
MD5
a44138ffe164284f6b12a31c9eeb4dbd
-
SHA1
a04fbff926dddaa82ec3379d13caa18a1d859518
-
SHA256
434c7e677964ada8dc9240630c6dd9ceaa983b01ab9bc1051be128091a5de847
-
SHA512
424197b8e74ab648ccac68a5e1e17220c088a561f4a7c427aa67028b5102a2ea5293c8ffaa32dd295c91262c45d666cbba82b97129b353955c9b3bba27851f60
-
SSDEEP
49152:bRw4B5c6GKgdB3BbOwB+Q0iy6phh7bpGYSq1nuV62dUk5oJ:tpfc6XgJbOwB+biychhxGxOnuvdUk5oJ
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of UnmapMainImage 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a44138ffe164284f6b12a31c9eeb4dbd.exe"C:\Users\Admin\AppData\Local\Temp\a44138ffe164284f6b12a31c9eeb4dbd.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\a44138ffe164284f6b12a31c9eeb4dbd.exeC:\Users\Admin\AppData\Local\Temp\a44138ffe164284f6b12a31c9eeb4dbd.exe2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\a44138ffe164284f6b12a31c9eeb4dbd.exeFilesize
2.9MB
MD52d57273b28541cbbcd4ddfd8a1c9ca2c
SHA17bb829f0f6a4cfd69f445e46091907aea6065adc
SHA2567988fb5c1e60ae790166b181f7fe8c04ae4bf6c93ae3c69224488902f877af9d
SHA512e4ad837aa334d884409b6864fa9143320b5200414d4cbe3ceff2c893b03277e7dfda872640d692c257612a9af7ae385b6cc8098f983f413a7c8d5e1db2037228
-
C:\Users\Admin\AppData\Local\Temp\a44138ffe164284f6b12a31c9eeb4dbd.exeFilesize
256KB
MD58d944fa3ec3b5b853b7a85550bffec40
SHA181d85815a2a6464c33c727e954bed5cf768cb4d3
SHA2562d217c3d1b3b8ca6a61dca3bb66d1d84c5c0e2b249dcf4e8b63cf6fa62b9b4d7
SHA5124a5823e131b7f373c2ab9e10dda4c1146397eb13a011c9ace125a54e397ab2e8f4c362152ac0cb1aff369ec9fee8883c54df017cf1e5cbcfecccc5fc97f824a0
-
\Users\Admin\AppData\Local\Temp\a44138ffe164284f6b12a31c9eeb4dbd.exeFilesize
384KB
MD55617b425ee2273b921aa2cbf60ef41f1
SHA181c67e6108d6511296929b72e4ef368aa75ac58f
SHA256f4d801369125ee153e18fde2eed6f25f7048540ffae505597b7d3848c2d73224
SHA51243f3431f4c2786860176226ab5249dcd05b30fc64c69e63ca61d062eff1cb2e2821d7a32bef564ae93cbb4172f8429feffb2e2ee21ee4a3777d0b36c8730c0d6
-
memory/1900-14-0x0000000000400000-0x000000000062A000-memory.dmpFilesize
2.2MB
-
memory/1900-2-0x0000000000400000-0x000000000062A000-memory.dmpFilesize
2.2MB
-
memory/1900-0-0x0000000000400000-0x00000000008EF000-memory.dmpFilesize
4.9MB
-
memory/1900-15-0x0000000003980000-0x0000000003E6F000-memory.dmpFilesize
4.9MB
-
memory/1900-1-0x0000000001B20000-0x0000000001C53000-memory.dmpFilesize
1.2MB
-
memory/1900-31-0x0000000003980000-0x0000000003E6F000-memory.dmpFilesize
4.9MB
-
memory/2192-16-0x0000000000400000-0x00000000008EF000-memory.dmpFilesize
4.9MB
-
memory/2192-18-0x00000000018F0000-0x0000000001A23000-memory.dmpFilesize
1.2MB
-
memory/2192-17-0x0000000000400000-0x000000000062A000-memory.dmpFilesize
2.2MB
-
memory/2192-23-0x0000000000400000-0x000000000061D000-memory.dmpFilesize
2.1MB
-
memory/2192-24-0x0000000003560000-0x000000000378A000-memory.dmpFilesize
2.2MB
-
memory/2192-32-0x0000000000400000-0x00000000008EF000-memory.dmpFilesize
4.9MB