11e7de47727bea67bba64d1092eddae6f90223aec78be716f2cdb5e8aeb70a47

Analysis

max time kernel
197s
max time network
226s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 16:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

abe6a7a1dd3749bd6d3882fdd060dcfcd5d7113fdfcfeea7e2adc3351125c9df.exe
Size

19.5MB
MD5

25269b53e8af50abde34b39097654e08
SHA1

eaa594ebd7d12619a103d4d28208a899875e5f2c
SHA256

abe6a7a1dd3749bd6d3882fdd060dcfcd5d7113fdfcfeea7e2adc3351125c9df
SHA512

59c4326d20651924ac0e5032bcacb534a2274414cefcfaf91e7a022bd4c3dddc77fe0110a1cce517b05a66be667f7227c24e921ae7f6eccf65c64c5ad96544b3
SSDEEP

49152:Oz07Il4AcUpn+dEoiMpnkZw4vqjIp88q/WlqpWzOxFcOQCah0E+ST8v50QXIya21:OYISA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2564-17-0x0000000013140000-0x0000000014367000-memory.dmp	upx
behavioral1/memory/2564-18-0x0000000013140000-0x0000000014367000-memory.dmp	upx
behavioral1/memory/2564-20-0x0000000013140000-0x0000000014367000-memory.dmp	upx
behavioral1/memory/2564-19-0x0000000013140000-0x0000000014367000-memory.dmp	upx
behavioral1/memory/2564-21-0x0000000013140000-0x0000000014367000-memory.dmp	upx

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2564	2644	abe6a7a1dd3749bd6d3882fdd060dcfcd5d7113fdfcfeea7e2adc3351125c9df.exe	29
PID 2644 wrote to memory of 2564	2644	abe6a7a1dd3749bd6d3882fdd060dcfcd5d7113fdfcfeea7e2adc3351125c9df.exe	29
PID 2644 wrote to memory of 2564	2644	abe6a7a1dd3749bd6d3882fdd060dcfcd5d7113fdfcfeea7e2adc3351125c9df.exe	29
PID 2644 wrote to memory of 2564	2644	abe6a7a1dd3749bd6d3882fdd060dcfcd5d7113fdfcfeea7e2adc3351125c9df.exe	29
PID 2644 wrote to memory of 2564	2644	abe6a7a1dd3749bd6d3882fdd060dcfcd5d7113fdfcfeea7e2adc3351125c9df.exe	29
PID 2644 wrote to memory of 2564	2644	abe6a7a1dd3749bd6d3882fdd060dcfcd5d7113fdfcfeea7e2adc3351125c9df.exe	29

C:\Users\Admin\AppData\Local\Temp\abe6a7a1dd3749bd6d3882fdd060dcfcd5d7113fdfcfeea7e2adc3351125c9df.exe
"C:\Users\Admin\AppData\Local\Temp\abe6a7a1dd3749bd6d3882fdd060dcfcd5d7113fdfcfeea7e2adc3351125c9df.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\windows\syswow64\grpconv.exe
  C:\windows\syswow64\grpconv.exe
  2⤵
  PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2564-15-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2564-21-0x0000000013140000-0x0000000014367000-memory.dmp

Filesize
18.2MB

Download
memory/2564-19-0x0000000013140000-0x0000000014367000-memory.dmp

Filesize
18.2MB

Download
memory/2564-20-0x0000000013140000-0x0000000014367000-memory.dmp

Filesize
18.2MB

Download
memory/2564-18-0x0000000013140000-0x0000000014367000-memory.dmp

Filesize
18.2MB

Download
memory/2564-17-0x0000000013140000-0x0000000014367000-memory.dmp

Filesize
18.2MB

Download
memory/2564-14-0x0000000013140000-0x0000000014367000-memory.dmp

Filesize
18.2MB

Download
memory/2644-6-0x0000000000400000-0x000000000178F000-memory.dmp

Filesize
19.6MB

Download
memory/2644-12-0x0000000000400000-0x000000000178F000-memory.dmp

Filesize
19.6MB

Download
memory/2644-13-0x0000000000400000-0x000000000178F000-memory.dmp

Filesize
19.6MB

Download
memory/2644-11-0x0000000000400000-0x000000000178F000-memory.dmp

Filesize
19.6MB

Download
memory/2644-8-0x0000000000400000-0x000000000178F000-memory.dmp

Filesize
19.6MB

Download
memory/2644-7-0x0000000000400000-0x000000000178F000-memory.dmp

Filesize
19.6MB

Download
memory/2644-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2644-5-0x0000000000400000-0x000000000178F000-memory.dmp

Filesize
19.6MB

Download
memory/2644-4-0x0000000000400000-0x000000000178F000-memory.dmp

Filesize
19.6MB

Download
memory/2644-1-0x0000000000400000-0x000000000178F000-memory.dmp

Filesize
19.6MB

Download
memory/2644-22-0x0000000000400000-0x000000000178F000-memory.dmp

Filesize
19.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads