4229fec90d8ef553f1dbaa876686f396a10fc2b5bcfaba8d7f643f71acb03c23

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-02-2024 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a842bc63359dc2b98f8805c404c9f284.exe
Size

2.7MB
MD5

a842bc63359dc2b98f8805c404c9f284
SHA1

58c326f4195bd1c96384f236e3fd52090fbd94aa
SHA256

4229fec90d8ef553f1dbaa876686f396a10fc2b5bcfaba8d7f643f71acb03c23
SHA512

eedaf6c3f878a38986ca7f9525536928f6a33c0d43c10fdf018fa7d44fa398b177be54bf267dcb59ac0a22448abe78549a4db85be197302c378595ecee5d4d61
SSDEEP

49152:vMLnJOP465KmPmas/wiVFjvLSXiNDAnbyDA8ZgQt+lJ:vyIP75Kn1wy1vLasqGDsNJ

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

a842bc63359dc2b98f8805c404c9f284.exe

pid process

2868 a842bc63359dc2b98f8805c404c9f284.exe
Executes dropped EXE 1 IoCs

Processes:

a842bc63359dc2b98f8805c404c9f284.exe

pid process

2868 a842bc63359dc2b98f8805c404c9f284.exe
Loads dropped DLL 1 IoCs

Processes:

a842bc63359dc2b98f8805c404c9f284.exe

pid process

1848 a842bc63359dc2b98f8805c404c9f284.exe

pid	process
2868	a842bc63359dc2b98f8805c404c9f284.exe

pid	process
2868	a842bc63359dc2b98f8805c404c9f284.exe

pid	process
1848	a842bc63359dc2b98f8805c404c9f284.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1848-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\a842bc63359dc2b98f8805c404c9f284.exe	upx
behavioral1/memory/1848-16-0x0000000003820000-0x0000000003C8A000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\a842bc63359dc2b98f8805c404c9f284.exe	upx

Suspicious behavior: RenamesItself 1 IoCs

Processes:

a842bc63359dc2b98f8805c404c9f284.exe

pid process

1848 a842bc63359dc2b98f8805c404c9f284.exe
Suspicious use of UnmapMainImage 2 IoCs

Processes:

a842bc63359dc2b98f8805c404c9f284.exea842bc63359dc2b98f8805c404c9f284.exe

pid process

1848 a842bc63359dc2b98f8805c404c9f284.exe
2868 a842bc63359dc2b98f8805c404c9f284.exe

pid	process
1848	a842bc63359dc2b98f8805c404c9f284.exe

pid	process
1848	a842bc63359dc2b98f8805c404c9f284.exe
2868	a842bc63359dc2b98f8805c404c9f284.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a842bc63359dc2b98f8805c404c9f284.exe

description	pid	process	target process
PID 1848 wrote to memory of 2868	1848	a842bc63359dc2b98f8805c404c9f284.exe	a842bc63359dc2b98f8805c404c9f284.exe
PID 1848 wrote to memory of 2868	1848	a842bc63359dc2b98f8805c404c9f284.exe	a842bc63359dc2b98f8805c404c9f284.exe
PID 1848 wrote to memory of 2868	1848	a842bc63359dc2b98f8805c404c9f284.exe	a842bc63359dc2b98f8805c404c9f284.exe
PID 1848 wrote to memory of 2868	1848	a842bc63359dc2b98f8805c404c9f284.exe	a842bc63359dc2b98f8805c404c9f284.exe

C:\Users\Admin\AppData\Local\Temp\a842bc63359dc2b98f8805c404c9f284.exe
"C:\Users\Admin\AppData\Local\Temp\a842bc63359dc2b98f8805c404c9f284.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1848

C:\Users\Admin\AppData\Local\Temp\a842bc63359dc2b98f8805c404c9f284.exe
C:\Users\Admin\AppData\Local\Temp\a842bc63359dc2b98f8805c404c9f284.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a842bc63359dc2b98f8805c404c9f284.exe
Filesize
1.3MB

MD5
2993aec2cace37800338262afa695394

SHA1
54b682daa5622b195f980ab4d6cc62507db79d64

SHA256
18d89e0bed0a2ce4967008aec9b06279ae688c7a3feb0426499ffb6e590c50c0

SHA512
aec4088261d13843d947d6403c9aadcb2d083d75e2b3b5c6f79a5775f5f4021f8e4a5686c487bf2ff217c1933a39b10576baf61376d098f21ee4d7ebe29db242

Download Submit
\Users\Admin\AppData\Local\Temp\a842bc63359dc2b98f8805c404c9f284.exe
Filesize
1.3MB

MD5
e40324a37918b29fc9a23779276cac8b

SHA1
0790cb34b9d10ee9c3532f5def5d90ff87e3ff49

SHA256
516879c1c556ed9639c66dde8e858c27099d41530d06c21b5aa9392cec3696dc

SHA512
bed6626e358e224d351334d9c5305be6300d34033dd15ebcbe080e7623ec329e8f8bc68944b4151ee879065b1909d9a0033a1b9631c51ae6687cf406d5e65250

Download Submit
memory/1848-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1848-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1848-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1848-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1848-16-0x0000000003820000-0x0000000003C8A000-memory.dmp

Filesize
4.4MB

Download
memory/1848-26-0x0000000003820000-0x0000000003C8A000-memory.dmp

Filesize
4.4MB

Download
memory/2868-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2868-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2868-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2868-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download