8dcd1dfd3d290a8338c0f760d5787fcfded0b0701d0796ac2a2ef124c757aaa7

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27-02-2024 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9d36952d784c0a8c8fc6bca2441b039.exe
Size

2.9MB
MD5

a9d36952d784c0a8c8fc6bca2441b039
SHA1

d26dd3a4b8aebace71aec4e94439bdd196b1cd37
SHA256

8dcd1dfd3d290a8338c0f760d5787fcfded0b0701d0796ac2a2ef124c757aaa7
SHA512

76139fbd1f6d647aab079520e59bb95c50a1fb69276a4f44b2baca2898a86b6d712b15a7fc2f9599d5d8e8dae20aa8db51eb52756d73d1a21120a85b4088d50a
SSDEEP

49152:SPLeMUQuJ6/lXuPKmK8Am4X+ym9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:SPLJ/gPKR39mHau42c1joCjMPkNwk6

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2508	a9d36952d784c0a8c8fc6bca2441b039.exe

Executes dropped EXE 1 IoCs

pid	Process
2508	a9d36952d784c0a8c8fc6bca2441b039.exe

Loads dropped DLL 1 IoCs

pid	Process
1740	a9d36952d784c0a8c8fc6bca2441b039.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1740-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000012253-10.dat	upx
behavioral1/files/0x000d000000012253-15.dat	upx
behavioral1/memory/1740-14-0x0000000003950000-0x0000000003E3F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1740	a9d36952d784c0a8c8fc6bca2441b039.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1740	a9d36952d784c0a8c8fc6bca2441b039.exe
2508	a9d36952d784c0a8c8fc6bca2441b039.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2508	1740	a9d36952d784c0a8c8fc6bca2441b039.exe	28
PID 1740 wrote to memory of 2508	1740	a9d36952d784c0a8c8fc6bca2441b039.exe	28
PID 1740 wrote to memory of 2508	1740	a9d36952d784c0a8c8fc6bca2441b039.exe	28
PID 1740 wrote to memory of 2508	1740	a9d36952d784c0a8c8fc6bca2441b039.exe	28

C:\Users\Admin\AppData\Local\Temp\a9d36952d784c0a8c8fc6bca2441b039.exe
"C:\Users\Admin\AppData\Local\Temp\a9d36952d784c0a8c8fc6bca2441b039.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\a9d36952d784c0a8c8fc6bca2441b039.exe
  C:\Users\Admin\AppData\Local\Temp\a9d36952d784c0a8c8fc6bca2441b039.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a9d36952d784c0a8c8fc6bca2441b039.exe

Filesize
2.9MB

MD5
ff3ead91a193e9fa25ec5a7b98625f4b

SHA1
fee0c6951737ef4b1feaaa5b556326c2007122de

SHA256
fa39755c123fa7cabad41d0a7d9b2dbf8b6c0e52246be46dbb48277a2428f66d

SHA512
ad81d2755c9137f863e0c910cb386fdbf37e48792f78f3ab0ef1cce797a7ca84ac1c0214c38eaacab95e347c985165ea4bed40ce34d5df59cee61553e6a2076b

Download Submit
\Users\Admin\AppData\Local\Temp\a9d36952d784c0a8c8fc6bca2441b039.exe

Filesize
832KB

MD5
4b7d39401fd95353a82cb12b8b4b8845

SHA1
b921ff06235b65dbbab66913679623cd7df22c6c

SHA256
124ed59e8800a1f5cfc4009dac3f072f4040430daa8dd20c22ac3f4a500cd6c6

SHA512
af2dab01486cb3607625655929e1d59b5a5b21491514e5e33bc4922e6ae572f0f7a45fa24194c85f3f67dc0c2ccc3f8758f980e209d1195f043480b2d6566474

Download Submit
memory/1740-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1740-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1740-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1740-14-0x0000000003950000-0x0000000003E3F000-memory.dmp

Filesize
4.9MB

Download
memory/1740-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2508-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2508-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2508-20-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2508-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2508-25-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2508-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download