a8a17a5065108c7d04210fd5b6848983d38a4380e9a9da1216d5c53d2bff45fc

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac824d47a4d15778dd74790edb519291.exe
Size

1.3MB
MD5

ac824d47a4d15778dd74790edb519291
SHA1

a98d534d1b43b662fd2abda00c4e7583ffebb1df
SHA256

a8a17a5065108c7d04210fd5b6848983d38a4380e9a9da1216d5c53d2bff45fc
SHA512

37061d5e9a4c6e206c55fbac981cacde238e68249db56edc7d0378bb56f99a4b3c63ff7eab697ff5be6238b7a2f74156dc91fafb1e4de856317b311c583d48c7
SSDEEP

24576:TTTV6bRa7ACGDHpepiMLGN4o0nMyB/lTUEPIW2KujNFjRekvG:TTTwRq4WPuQMyBmaEKujXj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2112	ac824d47a4d15778dd74790edb519291.exe

Executes dropped EXE 1 IoCs

pid	Process
2112	ac824d47a4d15778dd74790edb519291.exe

Loads dropped DLL 1 IoCs

pid	Process
1424	ac824d47a4d15778dd74790edb519291.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1424-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0009000000012251-11.dat	upx
behavioral1/files/0x0009000000012251-13.dat	upx
behavioral1/memory/1424-16-0x00000000034F0000-0x000000000395A000-memory.dmp	upx
behavioral1/memory/2112-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0009000000012251-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1424	ac824d47a4d15778dd74790edb519291.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1424	ac824d47a4d15778dd74790edb519291.exe
2112	ac824d47a4d15778dd74790edb519291.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 2112	1424	ac824d47a4d15778dd74790edb519291.exe	28
PID 1424 wrote to memory of 2112	1424	ac824d47a4d15778dd74790edb519291.exe	28
PID 1424 wrote to memory of 2112	1424	ac824d47a4d15778dd74790edb519291.exe	28
PID 1424 wrote to memory of 2112	1424	ac824d47a4d15778dd74790edb519291.exe	28

C:\Users\Admin\AppData\Local\Temp\ac824d47a4d15778dd74790edb519291.exe
"C:\Users\Admin\AppData\Local\Temp\ac824d47a4d15778dd74790edb519291.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Users\Admin\AppData\Local\Temp\ac824d47a4d15778dd74790edb519291.exe
  C:\Users\Admin\AppData\Local\Temp\ac824d47a4d15778dd74790edb519291.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ac824d47a4d15778dd74790edb519291.exe

Filesize
322KB

MD5
6a5bd001e9151e84fc25c5c6cc4f59cd

SHA1
ef27e25326cf476d75a6627257c3fc37063c1724

SHA256
f6b9e579a4711ee08ad18deaea52c143fb3ddf18d7e83310a1ba93fed536d32b

SHA512
a4f76b592a863cc7e2ac084d13928404dbf216a3b622fc1690921c07a694d4bd460eb9b7e1ba09f588cf2966e89878487c97325667d3bba5ff6413fed1ea90d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ac824d47a4d15778dd74790edb519291.exe

Filesize
320KB

MD5
7d7e63ea7b8555e38fe05fa051330d2f

SHA1
57e73183116678a6918dab9130a6bebb09dda0fd

SHA256
0df8bb9123d01f4c26a5151bc2a027971905dd3bd80f89c419d91e428e99e078

SHA512
6d68d14bb81d39b71b257e6394db9ec2d889351b156b719cc0cbbc8c24c99d7304658443b370adb26aeb40d265f9692bb01ed666eef530a6b29ab5b1effd1c5a

Download Submit
\Users\Admin\AppData\Local\Temp\ac824d47a4d15778dd74790edb519291.exe

Filesize
1024KB

MD5
d996d97404e998c0e20890952d5b93e8

SHA1
cd6978b0456b56241780266ca02989cb423b0b44

SHA256
5f4ff44bd88f2db9421e761a89e53aaf4f23d337e1e2288ef02a10c0046a032f

SHA512
dfa7d143b61a8f4ca71e93e35fc51e04430d81ed8c3ec00d3d700136cc1f8b27c9a1e8043298aca88badf55eebd35478ddc541c63c590d301a520feb7ba03ee5

Download Submit
memory/1424-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1424-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1424-16-0x00000000034F0000-0x000000000395A000-memory.dmp

Filesize
4.4MB

Download
memory/1424-1-0x0000000000260000-0x0000000000372000-memory.dmp

Filesize
1.1MB

Download
memory/1424-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1424-26-0x00000000034F0000-0x000000000395A000-memory.dmp

Filesize
4.4MB

Download
memory/2112-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2112-20-0x0000000000230000-0x0000000000342000-memory.dmp

Filesize
1.1MB

Download
memory/2112-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2112-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download