ddf78e30605e31fa01e0a0368c7615e9f4e2181f94e85633f597424c3ed78872

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 00:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad4a514d2475ccbafe6872e566dc1fd2.exe
Size

5.8MB
MD5

ad4a514d2475ccbafe6872e566dc1fd2
SHA1

853ae9abb439f739581cb8dfce804bae7f4d5d0b
SHA256

ddf78e30605e31fa01e0a0368c7615e9f4e2181f94e85633f597424c3ed78872
SHA512

ed40f9c366dcbc516c6d86f88cf5c4ef407d7f586f70e7de6ae013d79d9d3b964e327410074371706a6d88c695cd174deb89acbbb5c6487975ce4f5173baff6f
SSDEEP

98304:23GOwc0jEZiGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:2WOwnj28GhRaaCkN9qHGhRa

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2516	ad4a514d2475ccbafe6872e566dc1fd2.exe

Executes dropped EXE 1 IoCs

pid	Process
2516	ad4a514d2475ccbafe6872e566dc1fd2.exe

Loads dropped DLL 1 IoCs

pid	Process
2216	ad4a514d2475ccbafe6872e566dc1fd2.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2216-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000e00000001224e-13.dat	upx
behavioral1/files/0x000e00000001224e-10.dat	upx
behavioral1/memory/2516-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2216	ad4a514d2475ccbafe6872e566dc1fd2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2216	ad4a514d2475ccbafe6872e566dc1fd2.exe
2516	ad4a514d2475ccbafe6872e566dc1fd2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2516	2216	ad4a514d2475ccbafe6872e566dc1fd2.exe	28
PID 2216 wrote to memory of 2516	2216	ad4a514d2475ccbafe6872e566dc1fd2.exe	28
PID 2216 wrote to memory of 2516	2216	ad4a514d2475ccbafe6872e566dc1fd2.exe	28
PID 2216 wrote to memory of 2516	2216	ad4a514d2475ccbafe6872e566dc1fd2.exe	28

C:\Users\Admin\AppData\Local\Temp\ad4a514d2475ccbafe6872e566dc1fd2.exe
"C:\Users\Admin\AppData\Local\Temp\ad4a514d2475ccbafe6872e566dc1fd2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Users\Admin\AppData\Local\Temp\ad4a514d2475ccbafe6872e566dc1fd2.exe
  C:\Users\Admin\AppData\Local\Temp\ad4a514d2475ccbafe6872e566dc1fd2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ad4a514d2475ccbafe6872e566dc1fd2.exe

Filesize
505KB

MD5
d5033d2d9dd1af37696c34fecaca3abd

SHA1
82128be14bba01a0b4519196018a273da2fb1d20

SHA256
843231eb8157d216b7e2e771188f90f2ecc4637d5cbc25b57302499d24526590

SHA512
fec9098e29836551223bf14cc8f6a74bd1538d467d73a9a4a563f7b43cda5cad30970d4584336567a1319c1fadc04a1d39633ba9a4af7853378dd810052ca736

Download Submit
\Users\Admin\AppData\Local\Temp\ad4a514d2475ccbafe6872e566dc1fd2.exe

Filesize
1.1MB

MD5
6b5d520314d64262733bcae65604250d

SHA1
00332bdb1224a97f81fc4dcb1feb18883c62acc3

SHA256
4fb28a0c6d662c4408372299c691bec9d8511afff8175254a5675fe3ee8fb22e

SHA512
405ed8cc84c2436384d5f35de1884aeefd0088d86d1874d3c548dc3fed9c4125bca3148b0c6fbdd5d754cee86658770971debdeed5015cc7f7eda49574749e72

Download Submit
memory/2216-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2216-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2216-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2216-15-0x0000000003EB0000-0x000000000439F000-memory.dmp

Filesize
4.9MB

Download
memory/2216-2-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2216-31-0x0000000003EB0000-0x000000000439F000-memory.dmp

Filesize
4.9MB

Download
memory/2516-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2516-18-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/2516-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2516-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2516-24-0x0000000003520000-0x000000000374A000-memory.dmp

Filesize
2.2MB

Download
memory/2516-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download