6d55e79bb55fad76546840788e578e9278b5ad6bbe677af93b3d11fb039d24ff

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad594fae5bc68f1248c22f593f22902d.exe
Size

2.7MB
MD5

ad594fae5bc68f1248c22f593f22902d
SHA1

bd2027baefcb38a2b733e0ec2d73201ea9f87752
SHA256

6d55e79bb55fad76546840788e578e9278b5ad6bbe677af93b3d11fb039d24ff
SHA512

7bb77178bbb595f2ca626de65be13ce7ec535c96e956cdbb6e28ff19c509439242e0d690a68464e47447c533dc3250bff2f180408f1b80d599c2676010f42838
SSDEEP

49152:UK/+53LaGY6FXLz0nHEr5AU5qi98pkBccxrQSQlziza6Y8bYQp:h/+JXJfWEr5AU4i9z1x9Qlzbkp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
860	ad594fae5bc68f1248c22f593f22902d.exe

Executes dropped EXE 1 IoCs

pid	Process
860	ad594fae5bc68f1248c22f593f22902d.exe

Loads dropped DLL 1 IoCs

pid	Process
1868	ad594fae5bc68f1248c22f593f22902d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1868-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000700000001225f-10.dat	upx
behavioral1/memory/860-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1868	ad594fae5bc68f1248c22f593f22902d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1868	ad594fae5bc68f1248c22f593f22902d.exe
860	ad594fae5bc68f1248c22f593f22902d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 860	1868	ad594fae5bc68f1248c22f593f22902d.exe	28
PID 1868 wrote to memory of 860	1868	ad594fae5bc68f1248c22f593f22902d.exe	28
PID 1868 wrote to memory of 860	1868	ad594fae5bc68f1248c22f593f22902d.exe	28
PID 1868 wrote to memory of 860	1868	ad594fae5bc68f1248c22f593f22902d.exe	28

C:\Users\Admin\AppData\Local\Temp\ad594fae5bc68f1248c22f593f22902d.exe
"C:\Users\Admin\AppData\Local\Temp\ad594fae5bc68f1248c22f593f22902d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Users\Admin\AppData\Local\Temp\ad594fae5bc68f1248c22f593f22902d.exe
  C:\Users\Admin\AppData\Local\Temp\ad594fae5bc68f1248c22f593f22902d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\ad594fae5bc68f1248c22f593f22902d.exe

Filesize
2.7MB

MD5
e80f2fd9ea27b624ad8034590b485a95

SHA1
ce426a0938ce4ee3f588df81ade9cab1aea7cd6e

SHA256
4465e775ed27339996a0f78522d484ff875e40971f08820aadda69bff7a06da3

SHA512
1aaf442c47534038521ae4bc3e70eea7544b5a1dc549a5c1f110587d8e8ae655a1d6c879e7f01a45f275d5f5871ebe8587624fba7db3a0c01cd5d37816db73db

Download Submit
memory/860-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/860-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/860-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/860-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/860-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/860-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1868-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1868-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1868-15-0x0000000003900000-0x0000000003DEF000-memory.dmp

Filesize
4.9MB

Download
memory/1868-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1868-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1868-31-0x0000000003900000-0x0000000003DEF000-memory.dmp

Filesize
4.9MB

Download