56570c73f058f28a5a9de2f3dc6fb326e78ae87ad89871c9f24f93ebc1020f88

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/02/2024, 17:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a9b50a5c2112e60d06cfe7a5b7e8acc4.exe
Size

5.8MB
MD5

a9b50a5c2112e60d06cfe7a5b7e8acc4
SHA1

ed7a2dd52e4e8f4ba7b2a766a1b286a263c0d1ea
SHA256

56570c73f058f28a5a9de2f3dc6fb326e78ae87ad89871c9f24f93ebc1020f88
SHA512

0c9e0acaf658db50d9b1b33222a5ea0c3fa82da463280ff06b9afb97c09e5c2868da1397f8c852bfd87c0dd7e137d7115b6620d3c654b4bfe7b247b3c0d4c8ea
SSDEEP

98304:m6V41LxVdSDzOqOgg3gnl/IVUs1jePs3GLFvq5gytRSZ2gg3gnl/IVUs1jePs:7V2LVSDzogl/iBiPVLFHytYZygl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2516	a9b50a5c2112e60d06cfe7a5b7e8acc4.exe

Executes dropped EXE 1 IoCs

pid	Process
2516	a9b50a5c2112e60d06cfe7a5b7e8acc4.exe

Loads dropped DLL 1 IoCs

pid	Process
2508	a9b50a5c2112e60d06cfe7a5b7e8acc4.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2508-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001222a-10.dat	upx
behavioral1/memory/2508-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp	upx
behavioral1/files/0x000800000001222a-14.dat	upx
behavioral1/memory/2516-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2508	a9b50a5c2112e60d06cfe7a5b7e8acc4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2508	a9b50a5c2112e60d06cfe7a5b7e8acc4.exe
2516	a9b50a5c2112e60d06cfe7a5b7e8acc4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2516	2508	a9b50a5c2112e60d06cfe7a5b7e8acc4.exe	28
PID 2508 wrote to memory of 2516	2508	a9b50a5c2112e60d06cfe7a5b7e8acc4.exe	28
PID 2508 wrote to memory of 2516	2508	a9b50a5c2112e60d06cfe7a5b7e8acc4.exe	28
PID 2508 wrote to memory of 2516	2508	a9b50a5c2112e60d06cfe7a5b7e8acc4.exe	28

C:\Users\Admin\AppData\Local\Temp\a9b50a5c2112e60d06cfe7a5b7e8acc4.exe
"C:\Users\Admin\AppData\Local\Temp\a9b50a5c2112e60d06cfe7a5b7e8acc4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Users\Admin\AppData\Local\Temp\a9b50a5c2112e60d06cfe7a5b7e8acc4.exe
  C:\Users\Admin\AppData\Local\Temp\a9b50a5c2112e60d06cfe7a5b7e8acc4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a9b50a5c2112e60d06cfe7a5b7e8acc4.exe

Filesize
1.3MB

MD5
79e7baef7157c1e85f47c26d12091e1b

SHA1
9b3c4b3e86af0adf501b09ed8378045143738e6a

SHA256
f8ad3c47f5d3736471d616192d01de86e2e634b9e2f6684b0641b58127dcd68e

SHA512
b9ecbe01e2c516c2a1022a041407382b74372b60a5afe9f953adbbccf0ab895b6ff6465724e652b4f4b5eeccc9e7082e48770e38773fb3376aecef1b2038757b

Download Submit
\Users\Admin\AppData\Local\Temp\a9b50a5c2112e60d06cfe7a5b7e8acc4.exe

Filesize
1.9MB

MD5
2029d305a32fd51f66d1aad3b6f86e2a

SHA1
b679f2ad1e4ce423ee849f201fc4b3af1c7ef3ea

SHA256
ef34c9fac67fff9218d4562cb125031ef80211b46e022a8f7eece70630b4266d

SHA512
a5717d7e56279427978574b605fddc24997da91f7ad9db8df15defd7b2269e11c60bf7662a0ab0cfe36bf72cf91e0ba96688d7fcf6482a1a15aed23f8cee2249

Download Submit
memory/2508-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2508-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2508-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2508-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2508-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2508-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2516-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2516-19-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/2516-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2516-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2516-24-0x0000000003660000-0x000000000388A000-memory.dmp

Filesize
2.2MB

Download
memory/2516-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download