55f43e1c4415e625aac76bb9891219a78cb5e440c2defd41fca9c9c894c94623

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c02c34ad18127a3a1575f00ed7cb4b8b.exe
Size

11.7MB
MD5

c02c34ad18127a3a1575f00ed7cb4b8b
SHA1

7353ea3dc1d11abadc831776322bcd09b65649e7
SHA256

55f43e1c4415e625aac76bb9891219a78cb5e440c2defd41fca9c9c894c94623
SHA512

c33e92c559b6e884cd74c40100d4f7ee2927d49f81ac0a8172244b9c7b66095f86387540af59c42fe674dd38cfd7a74de9e697ade46855a3f5e1412dcc954b61
SSDEEP

196608:Z47XG9WCOeUW2WCH/Ao8YVQiWCOeUW2WC:ZUYdp2Fo92dp2

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2556	c02c34ad18127a3a1575f00ed7cb4b8b.exe

Executes dropped EXE 1 IoCs

pid	Process
2556	c02c34ad18127a3a1575f00ed7cb4b8b.exe

Loads dropped DLL 1 IoCs

pid	Process
2760	c02c34ad18127a3a1575f00ed7cb4b8b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2760-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012254-10.dat	upx
behavioral1/files/0x000a000000012254-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2760	c02c34ad18127a3a1575f00ed7cb4b8b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2760	c02c34ad18127a3a1575f00ed7cb4b8b.exe
2556	c02c34ad18127a3a1575f00ed7cb4b8b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2556	2760	c02c34ad18127a3a1575f00ed7cb4b8b.exe	28
PID 2760 wrote to memory of 2556	2760	c02c34ad18127a3a1575f00ed7cb4b8b.exe	28
PID 2760 wrote to memory of 2556	2760	c02c34ad18127a3a1575f00ed7cb4b8b.exe	28
PID 2760 wrote to memory of 2556	2760	c02c34ad18127a3a1575f00ed7cb4b8b.exe	28

C:\Users\Admin\AppData\Local\Temp\c02c34ad18127a3a1575f00ed7cb4b8b.exe
"C:\Users\Admin\AppData\Local\Temp\c02c34ad18127a3a1575f00ed7cb4b8b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Users\Admin\AppData\Local\Temp\c02c34ad18127a3a1575f00ed7cb4b8b.exe
  C:\Users\Admin\AppData\Local\Temp\c02c34ad18127a3a1575f00ed7cb4b8b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c02c34ad18127a3a1575f00ed7cb4b8b.exe

Filesize
4.0MB

MD5
e9438fddb9dde2cf7fa7252cc6228c11

SHA1
e54b346d1536d749b37c3a3a7fa944a4b6c2cd6d

SHA256
f55a4b916f8e677107cdcc924b248a3c89ecf8e425bee12e0aabce2d6875a185

SHA512
6e06f944653f05ac46ee361e9a9a76428e5fd3e635366a3bd7e90b02f27b6348a66113c0011f9d4a8f7ee9329f338ffe3b52a29f6b0be102abf82987acec48a4

Download Submit
\Users\Admin\AppData\Local\Temp\c02c34ad18127a3a1575f00ed7cb4b8b.exe

Filesize
3.9MB

MD5
60c9edff4b91b4dcb514113d07da50f9

SHA1
2d6c876a8fc301fa336741d29f415723db969ecf

SHA256
2fb40a3a8fba99421800d0f98fb1816c88a69e156fc52dd942ce7e8f61582c02

SHA512
06bd2825010f2ca9ecfbe21341349a83ed9fd65530b0c6f693deab6ec04f528ecbff6583b08a9990978d7a773b983cb48bb52d5d8967d44f7cd3b7c8bb7c7351

Download Submit
memory/2556-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2556-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2556-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2556-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2556-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2556-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2760-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2760-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2760-15-0x0000000004990000-0x0000000004E7F000-memory.dmp

Filesize
4.9MB

Download
memory/2760-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2760-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2760-31-0x0000000004990000-0x0000000004E7F000-memory.dmp

Filesize
4.9MB

Download