18e876ff3d4dc899fed4a103a97efe83a40118d2545e566329f71ac7d058903d

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aadec078d180e70937e58b0c35ffe96c.exe
Size

2.7MB
MD5

aadec078d180e70937e58b0c35ffe96c
SHA1

2469cb4a5af8fe784cc656375b2ccba3d4fcb3d9
SHA256

18e876ff3d4dc899fed4a103a97efe83a40118d2545e566329f71ac7d058903d
SHA512

75689f5f411d8cc1f84b75eacca551bed7cf8bf7be0bd19a01bea7213194b481399bd6d7d34f2246d5c90d683b1d5393826049c45c02f6bd23302e2ea793c7ac
SSDEEP

49152:wwunhPtdqZp5NnoHEtYG0ekXHPM4YePh8Dckbms9RE:wNhPt8Z7pyJGIvMGhexL9

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1784	aadec078d180e70937e58b0c35ffe96c.exe

Executes dropped EXE 1 IoCs

pid	Process
1784	aadec078d180e70937e58b0c35ffe96c.exe

Loads dropped DLL 1 IoCs

pid	Process
1300	aadec078d180e70937e58b0c35ffe96c.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1300-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000b00000001224c-11.dat	upx
behavioral1/files/0x000b00000001224c-16.dat	upx
behavioral1/memory/1300-15-0x0000000003820000-0x0000000003C8A000-memory.dmp	upx
behavioral1/memory/1784-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1300	aadec078d180e70937e58b0c35ffe96c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1300	aadec078d180e70937e58b0c35ffe96c.exe
1784	aadec078d180e70937e58b0c35ffe96c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1300 wrote to memory of 1784	1300	aadec078d180e70937e58b0c35ffe96c.exe	28
PID 1300 wrote to memory of 1784	1300	aadec078d180e70937e58b0c35ffe96c.exe	28
PID 1300 wrote to memory of 1784	1300	aadec078d180e70937e58b0c35ffe96c.exe	28
PID 1300 wrote to memory of 1784	1300	aadec078d180e70937e58b0c35ffe96c.exe	28

C:\Users\Admin\AppData\Local\Temp\aadec078d180e70937e58b0c35ffe96c.exe
"C:\Users\Admin\AppData\Local\Temp\aadec078d180e70937e58b0c35ffe96c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1300
- C:\Users\Admin\AppData\Local\Temp\aadec078d180e70937e58b0c35ffe96c.exe
  C:\Users\Admin\AppData\Local\Temp\aadec078d180e70937e58b0c35ffe96c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aadec078d180e70937e58b0c35ffe96c.exe

Filesize
325KB

MD5
7d0c309f504a70216f0d631c6e91bf22

SHA1
3e778f1b10fefa4a67a8d22476e040400cbf5414

SHA256
eb122f90ab599165ded86c3b667efa31b82171da3c7aedf42ab0519b9db2fbc4

SHA512
21416c3827c705762e3bcb3e49b7e081087bea24a3e48ba4409d0d2a7ad8f09da3822030350ac3b07af5d5551b23fc0648a9a3d78ddd8cf582f4b36721ad7120

Download Submit
\Users\Admin\AppData\Local\Temp\aadec078d180e70937e58b0c35ffe96c.exe

Filesize
768KB

MD5
e16563f12a9c71291d67d20d6b531e58

SHA1
43dc5c9d070c923af7fa1e88c40d0e91d600bb00

SHA256
40a893501ba506ae73f683bc6b2099bc48b10aaa88a735f7d848f885dc5de51d

SHA512
0d591ba7b6472bd6a13f34c2acba2c13257bcea2fab7c2ea65dbb15c55aa7d976d8b6de088cdbe17a3f3a96fc0b4cab6029bee4ae6557dea3e2f0a86a0ba72c6

Download Submit
memory/1300-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1300-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1300-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1300-15-0x0000000003820000-0x0000000003C8A000-memory.dmp

Filesize
4.4MB

Download
memory/1300-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1300-26-0x0000000003820000-0x0000000003C8A000-memory.dmp

Filesize
4.4MB

Download
memory/1784-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1784-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1784-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1784-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download