f766da895695a554d99745d7f55e37d3eb427bffbbcb4f6d37ca0306cc197844

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

adfdba51de0fc3818e573713538a1cdc.exe
Size

2.7MB
MD5

adfdba51de0fc3818e573713538a1cdc
SHA1

a58eff882ff7078dde38743e73fae99aa24eb01a
SHA256

f766da895695a554d99745d7f55e37d3eb427bffbbcb4f6d37ca0306cc197844
SHA512

342fe8c11e562ad0237c3dec5b057bf83c340e3a963378fd649f30c83f776ad9771814d5a6f1f5ff441f9f308962e256b0cc638421b3fe904931f9983c478c6c
SSDEEP

49152:85Lji1oickcGvPVTTWMW6HgHA7IxPn6R9fHn5kgQBHaFIQGyeUaLw0yYLKvR9j:85LjGot6BTyKMJQHfnCQ7Gy70z+vHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2880	adfdba51de0fc3818e573713538a1cdc.exe

Executes dropped EXE 1 IoCs

pid	Process
2880	adfdba51de0fc3818e573713538a1cdc.exe

Loads dropped DLL 1 IoCs

pid	Process
2752	adfdba51de0fc3818e573713538a1cdc.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2752-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a0000000122b8-12.dat	upx
behavioral1/files/0x000a0000000122b8-15.dat	upx
behavioral1/files/0x000a0000000122b8-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2752	adfdba51de0fc3818e573713538a1cdc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2752	adfdba51de0fc3818e573713538a1cdc.exe
2880	adfdba51de0fc3818e573713538a1cdc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2880	2752	adfdba51de0fc3818e573713538a1cdc.exe	28
PID 2752 wrote to memory of 2880	2752	adfdba51de0fc3818e573713538a1cdc.exe	28
PID 2752 wrote to memory of 2880	2752	adfdba51de0fc3818e573713538a1cdc.exe	28
PID 2752 wrote to memory of 2880	2752	adfdba51de0fc3818e573713538a1cdc.exe	28

C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe
"C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe
  C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe

Filesize
832KB

MD5
7f1cb3a3b853d0f9d72235e6950bc81c

SHA1
cc479eccdc0cfb3ceb5c779286db520e53234096

SHA256
f40593112167e2a1a2b565009f89ac2c9827125ca60ffdca9ee55258e1941f61

SHA512
83b3dc5323e94fcdd7c726662f2e68d680f7e1ef21bda6565ae3f2266c1c900583d3674dcddf6ac04e1407196e944838598ac52b1200d15cc1a38375e17b6ff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe

Filesize
1024KB

MD5
51436c2c843ec7951761a795b2eee24a

SHA1
a87de43c631d36039a56294e96044bf88353ccd2

SHA256
fbf3484132d1b0b426e2d1476a12a2289da88ccc709385b6b2b5b082f7ea6d1a

SHA512
599450e9c820c6ff10d4c7a05d99178f8e4a419ff13fac03dbdd8381bd6fc5aa44c7428afba39c00b205a2564c96f036f95a557c6442a67d17784c23bfca6656

Download Submit
\Users\Admin\AppData\Local\Temp\adfdba51de0fc3818e573713538a1cdc.exe

Filesize
960KB

MD5
2efe1b4d115269309d2dfaf7b2ef439f

SHA1
9e915c7070a472eb33c266abaa5c7fc05cbe64f7

SHA256
84d97cb1bed63b9a0d3ee3a276aaa45bad38b4c45234b9dadcdfde767422af8e

SHA512
014481232408298b6caeef115bb1e86b346f1d14c08b633cb25d3c50967991a3c981f71057bf171a730da6f246355a070f82f8e976bf7564ed2bbe0c90d9b16f

Download Submit
memory/2752-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2752-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2752-14-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2752-3-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2752-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2752-31-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2880-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2880-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2880-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2880-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2880-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2880-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download