49d8aecc6196f3dc214973fdffea9ded711aa7605a005114a3fe6a703586bb04

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab3f8c1fe61c257eef0e3382cd8d46ec.exe
Size

1.3MB
MD5

ab3f8c1fe61c257eef0e3382cd8d46ec
SHA1

3bd43571ffae4de66ed3fea724de446c63d3e5b2
SHA256

49d8aecc6196f3dc214973fdffea9ded711aa7605a005114a3fe6a703586bb04
SHA512

97cadd7e9e8e4213ac984bb65aef1c9725158390f8bfa04c58d6feca2f81a4cd76e4dadf5e7ad59417b3905c1e17e417c40820e63376813a18977625501cd145
SSDEEP

24576:DMGu83QbHT9rMV2RghMroUyKdK2UzV8LQ2BlJhoqyzwdvG:DM1nbHuV25cU82Ux81iqIw

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2060	ab3f8c1fe61c257eef0e3382cd8d46ec.exe

Executes dropped EXE 1 IoCs

pid	Process
2060	ab3f8c1fe61c257eef0e3382cd8d46ec.exe

Loads dropped DLL 1 IoCs

pid	Process
1252	ab3f8c1fe61c257eef0e3382cd8d46ec.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1252-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000b00000001224c-11.dat	upx
behavioral1/files/0x000b00000001224c-14.dat	upx
behavioral1/memory/2060-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1252	ab3f8c1fe61c257eef0e3382cd8d46ec.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1252	ab3f8c1fe61c257eef0e3382cd8d46ec.exe
2060	ab3f8c1fe61c257eef0e3382cd8d46ec.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2060	1252	ab3f8c1fe61c257eef0e3382cd8d46ec.exe	28
PID 1252 wrote to memory of 2060	1252	ab3f8c1fe61c257eef0e3382cd8d46ec.exe	28
PID 1252 wrote to memory of 2060	1252	ab3f8c1fe61c257eef0e3382cd8d46ec.exe	28
PID 1252 wrote to memory of 2060	1252	ab3f8c1fe61c257eef0e3382cd8d46ec.exe	28

C:\Users\Admin\AppData\Local\Temp\ab3f8c1fe61c257eef0e3382cd8d46ec.exe
"C:\Users\Admin\AppData\Local\Temp\ab3f8c1fe61c257eef0e3382cd8d46ec.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Users\Admin\AppData\Local\Temp\ab3f8c1fe61c257eef0e3382cd8d46ec.exe
  C:\Users\Admin\AppData\Local\Temp\ab3f8c1fe61c257eef0e3382cd8d46ec.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ab3f8c1fe61c257eef0e3382cd8d46ec.exe

Filesize
640KB

MD5
551bff2bbeb1cb576634c0297ec57986

SHA1
8314e8d617816340bcc4a8dfbbb1c5a4fad11f6e

SHA256
884611b350e41d428a57585c18b9a1f262db80996014d2898b588b49441473bc

SHA512
5587458b675b0164a07ac758ab1fae1624ec95d89189d5705b3d3af81a0802b478c62387e8ec34b70d195546b828790d5e663378546f2953c0b7d349472d1c2c

Download Submit
\Users\Admin\AppData\Local\Temp\ab3f8c1fe61c257eef0e3382cd8d46ec.exe

Filesize
886KB

MD5
6b4dfd6b91f6f4d9546914b2fcf20652

SHA1
f421171db8505b1ea7c9e7a1dbed373fc69a3d38

SHA256
cfbe83c21e1627e458ec56bbd12119a62a8e0f9ee1c91fa76c6179c978500cac

SHA512
ce7ee0bbd3b164dac286780f34c2d668ef85f283c499248fd2a103ddd498d83d7ebbd0419da630dc9fa0b1ae9e7c86950a4fc0c05089875765a715c44d59a574

Download Submit
memory/1252-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1252-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1252-2-0x00000000002A0000-0x00000000003B2000-memory.dmp

Filesize
1.1MB

Download
memory/1252-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2060-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2060-19-0x00000000002D0000-0x00000000003E2000-memory.dmp

Filesize
1.1MB

Download
memory/2060-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2060-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download