44e3444414d8ea63e7eccc973522856a3245561dbab1d90bcdc3196980c8408d

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae0f85ee368149541f601dd670acd210.exe
Size

2.7MB
MD5

ae0f85ee368149541f601dd670acd210
SHA1

e7111b80d3648fdfc82ece8a57fa30bb1ff87795
SHA256

44e3444414d8ea63e7eccc973522856a3245561dbab1d90bcdc3196980c8408d
SHA512

679b5f9c8de24049a70f9c3216e7798b8ad747bf9e3eebb9cf4fc2e9a7d41034aaaa0ac44f2c6462d3eb0598db873f4a7245caba6cc141fbbe50e8e8896f8aa1
SSDEEP

49152:PYONRPCeLhtSfwJAWTHiJBlyiOKeEj7s+rR9VBa4+pcm+ZPLj+OeT24dTx14R9j:PlbBSYAb7lyHKeN+rHVNVl+bT4Hj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2992	ae0f85ee368149541f601dd670acd210.exe

Executes dropped EXE 1 IoCs

pid	Process
2992	ae0f85ee368149541f601dd670acd210.exe

Loads dropped DLL 1 IoCs

pid	Process
1284	ae0f85ee368149541f601dd670acd210.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1284-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b00000001221f-12.dat	upx
behavioral1/files/0x000b00000001221f-15.dat	upx
behavioral1/files/0x000b00000001221f-10.dat	upx
behavioral1/memory/2992-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1284	ae0f85ee368149541f601dd670acd210.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1284	ae0f85ee368149541f601dd670acd210.exe
2992	ae0f85ee368149541f601dd670acd210.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 2992	1284	ae0f85ee368149541f601dd670acd210.exe	28
PID 1284 wrote to memory of 2992	1284	ae0f85ee368149541f601dd670acd210.exe	28
PID 1284 wrote to memory of 2992	1284	ae0f85ee368149541f601dd670acd210.exe	28
PID 1284 wrote to memory of 2992	1284	ae0f85ee368149541f601dd670acd210.exe	28

C:\Users\Admin\AppData\Local\Temp\ae0f85ee368149541f601dd670acd210.exe
"C:\Users\Admin\AppData\Local\Temp\ae0f85ee368149541f601dd670acd210.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Users\Admin\AppData\Local\Temp\ae0f85ee368149541f601dd670acd210.exe
  C:\Users\Admin\AppData\Local\Temp\ae0f85ee368149541f601dd670acd210.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ae0f85ee368149541f601dd670acd210.exe

Filesize
2.3MB

MD5
0ac9eeb1301c6f1a931637b458a48f34

SHA1
b9333036f1ae2d1fd0812949c8bc6e3ea6ea600a

SHA256
56bff64c03f1b2339e6d3390f6b3247446183ba8da25ed17b557acadb5637a06

SHA512
bafac5e7ac8b0f4f6593cbca147843fe01d2c9a142adce2cd60e822260ce3d287171118534e42eb8cabd46934367723be12d7b12c23d2e463889f0e28f877a24

Download Submit
C:\Users\Admin\AppData\Local\Temp\ae0f85ee368149541f601dd670acd210.exe

Filesize
2.2MB

MD5
cce58ffa6980497832f613e86d2a108a

SHA1
80c4830db92a1caca6a52b078ddcf6ae1d1e7535

SHA256
187c5e9d76f8548ed41369e98714662c33ff43f61c98a4be740c0051949bde71

SHA512
d4c416c7c7a8697c3a3c998efa73d8628f857f8cdad493b9974c99d05a2d6e35806eeb4bbd60626c54ce203c9bca822b12b295c3d5429575d77410adfae3cfc0

Download Submit
\Users\Admin\AppData\Local\Temp\ae0f85ee368149541f601dd670acd210.exe

Filesize
2.7MB

MD5
42713b9c53a15a3e79b6cbb0ce48b110

SHA1
50b78e6c2a60f5334d25562162fe387c1fa9972e

SHA256
33ed7ede838aa44ecccfb952172ea8090bdfee37cb119ace4681e8802cea6e6e

SHA512
528fd6a0f3a8e70b56834100e3321906ac9655247e520d11df1c1a3cd48d75e4c34d288bc5e51f57d1ad3647389dd55c06d102c7b473c2a43259a970ca91d37f

Download Submit
memory/1284-13-0x0000000003A20000-0x0000000003F07000-memory.dmp

Filesize
4.9MB

Download
memory/1284-3-0x00000000002B0000-0x00000000003E1000-memory.dmp

Filesize
1.2MB

Download
memory/1284-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1284-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1284-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2992-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2992-17-0x0000000000230000-0x0000000000361000-memory.dmp

Filesize
1.2MB

Download
memory/2992-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2992-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2992-25-0x0000000003630000-0x0000000003852000-memory.dmp

Filesize
2.1MB

Download
memory/2992-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download