d6f78f9c1cbe7f01ef97cb6b384296b5d9ecec480e9d68e16e7a21f69c895db5

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac485292bf72ab2700ed458b641308a6.exe
Size

5.8MB
MD5

ac485292bf72ab2700ed458b641308a6
SHA1

2000f65e037e3ad198a20637cf7f4b1541658c8f
SHA256

d6f78f9c1cbe7f01ef97cb6b384296b5d9ecec480e9d68e16e7a21f69c895db5
SHA512

917a2e6d7acbb0f0cdd563b77dc93d79a020b82570e2169eb742e98439eee87572968641ab555cc72d272532c7c83e7f4aad51b94d9b642b62d5cf740f401c81
SSDEEP

98304:rwonZXuHOtruvshvWCgg3gnl/IVUs1jePsSNZXmri/2kSmiLgg3gnl/IVUs1jePs:04riv2Pgl/iBiPRNoriBAgl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2940	ac485292bf72ab2700ed458b641308a6.exe

Executes dropped EXE 1 IoCs

pid	Process
2940	ac485292bf72ab2700ed458b641308a6.exe

Loads dropped DLL 1 IoCs

pid	Process
2260	ac485292bf72ab2700ed458b641308a6.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2260-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012254-10.dat	upx
behavioral1/files/0x0008000000012254-15.dat	upx
behavioral1/memory/2940-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2260-13-0x00000000040C0000-0x00000000045AF000-memory.dmp	upx
behavioral1/files/0x0008000000012254-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2260	ac485292bf72ab2700ed458b641308a6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2260	ac485292bf72ab2700ed458b641308a6.exe
2940	ac485292bf72ab2700ed458b641308a6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2940	2260	ac485292bf72ab2700ed458b641308a6.exe	27
PID 2260 wrote to memory of 2940	2260	ac485292bf72ab2700ed458b641308a6.exe	27
PID 2260 wrote to memory of 2940	2260	ac485292bf72ab2700ed458b641308a6.exe	27
PID 2260 wrote to memory of 2940	2260	ac485292bf72ab2700ed458b641308a6.exe	27

C:\Users\Admin\AppData\Local\Temp\ac485292bf72ab2700ed458b641308a6.exe
"C:\Users\Admin\AppData\Local\Temp\ac485292bf72ab2700ed458b641308a6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Users\Admin\AppData\Local\Temp\ac485292bf72ab2700ed458b641308a6.exe
  C:\Users\Admin\AppData\Local\Temp\ac485292bf72ab2700ed458b641308a6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ac485292bf72ab2700ed458b641308a6.exe

Filesize
3.4MB

MD5
04f73aa159e3864442a82f416bfa8aaa

SHA1
0312af938b705d189bf06c40b97bfee631483160

SHA256
5eaa0f595a43206ced6525d4a071560ec5cf6c822b74c1b2af002869ae74e3ad

SHA512
439b46ed8df64bb3200431d87c7fb40cc3f3fe7ad8b095343685307ac96492b7d193a7265573d7e5d8619b8614f7005dfc8f124b9da5a2c83e339e577e1db092

Download Submit
C:\Users\Admin\AppData\Local\Temp\ac485292bf72ab2700ed458b641308a6.exe

Filesize
2.9MB

MD5
4cafcb9102059da1fd87c8e47e49f509

SHA1
b9868de6d5a5bd997da1756b18e27fc7836c0453

SHA256
7d42471372ea8171461cfe3ccd3aff5303e2e3ffb03281a6163e79670ac3fe1f

SHA512
01b6d98daebbe230b3d5a6b273daf0eab1966d7ea3be895651746be6945fbd5bd1f9ccdc6a8adfc1d5eac27f9b07cd11fd337ded7fa520029508ec89656a2d63

Download Submit
\Users\Admin\AppData\Local\Temp\ac485292bf72ab2700ed458b641308a6.exe

Filesize
2.2MB

MD5
bc7d9018bc464a574b40903489c294a9

SHA1
3b7e50b04b3c9906eae5ed7e4730d1b03801f6cc

SHA256
b333a013f0afcc991ce5f5a4563ca217bc1929b7b8bbe4c9511d3a33691b5147

SHA512
e5070042aa1fb0b3154de0d76ded06506a4a9ab9251c296d5e70f7a520cbfc9364f90e17e775005c5cb3c0f47f87e7af4fe7aa130421b66e1da2ed8a0420f494

Download Submit
memory/2260-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2260-2-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2260-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2260-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2260-13-0x00000000040C0000-0x00000000045AF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-17-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2940-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2940-25-0x0000000003420000-0x000000000364A000-memory.dmp

Filesize
2.2MB

Download
memory/2940-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2940-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download