59bcfa28629920a9e3aa27412cbeb6c40f83f81b399f80838de5683e5e91b744

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c082c91a901d0a9db013d9b3d684f558.exe
Size

1.5MB
MD5

c082c91a901d0a9db013d9b3d684f558
SHA1

11a43c154e54d374ddf91bca2714c7fd0f5addef
SHA256

59bcfa28629920a9e3aa27412cbeb6c40f83f81b399f80838de5683e5e91b744
SHA512

beb6fc96ca1824660baa3d7ec7e470c9e9522b1a56c71470bb21c61c1961aa61a8225266fb785537b124729b67e2b937dc71428280fa2f3f4565b0580ec66fc6
SSDEEP

24576:sb3ipKbtw7Wke2uvvUJfUJYq7x5MgQwQdEno+b9D5eP5AgXVbBxW:ayWQ3LJOujOo69QLVn

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
800	c082c91a901d0a9db013d9b3d684f558.exe

Executes dropped EXE 1 IoCs

pid	Process
800	c082c91a901d0a9db013d9b3d684f558.exe

Loads dropped DLL 1 IoCs

pid	Process
2720	c082c91a901d0a9db013d9b3d684f558.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2720-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001222c-10.dat	upx
behavioral1/files/0x000800000001222c-13.dat	upx
behavioral1/files/0x000800000001222c-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2720	c082c91a901d0a9db013d9b3d684f558.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2720	c082c91a901d0a9db013d9b3d684f558.exe
800	c082c91a901d0a9db013d9b3d684f558.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 800	2720	c082c91a901d0a9db013d9b3d684f558.exe	28
PID 2720 wrote to memory of 800	2720	c082c91a901d0a9db013d9b3d684f558.exe	28
PID 2720 wrote to memory of 800	2720	c082c91a901d0a9db013d9b3d684f558.exe	28
PID 2720 wrote to memory of 800	2720	c082c91a901d0a9db013d9b3d684f558.exe	28

C:\Users\Admin\AppData\Local\Temp\c082c91a901d0a9db013d9b3d684f558.exe
"C:\Users\Admin\AppData\Local\Temp\c082c91a901d0a9db013d9b3d684f558.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Users\Admin\AppData\Local\Temp\c082c91a901d0a9db013d9b3d684f558.exe
  C:\Users\Admin\AppData\Local\Temp\c082c91a901d0a9db013d9b3d684f558.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c082c91a901d0a9db013d9b3d684f558.exe

Filesize
1.2MB

MD5
64e78e087b603b9bed0bd116fb93b9ec

SHA1
fa20bf427a7f78ab6488fcf1d1cbb71162165f61

SHA256
400ff759ed4b9df09ee96e72387d08131da9bfe1be45afe81959001d2b9d3f7e

SHA512
a417c57bd75b77e3f9598f4e5bbc9822c267a44f46552f8e7a35d8bb7f22baf8acd652288b6819f1f2d371f42999f0dfe45369a9b2363b3bd956097fe32b1b78

Download Submit
C:\Users\Admin\AppData\Local\Temp\c082c91a901d0a9db013d9b3d684f558.exe

Filesize
384KB

MD5
22aa9c3e97c09782be3c6bad2cc8cadf

SHA1
4d841ce0482e913e93b8b7e9461d30e5ec4c70e7

SHA256
136370187e6f38111905f1a0fa86cc5e103875188613f379091efe586bac08b8

SHA512
a0ac32c9a3011dff5a0c4cb70223d8453ebc3770169798851219a6927e84ee1351afc8e83ab7cfbe7a5a985d1dca00aa5ef494f4a993ace69ac4246007c9ab10

Download Submit
\Users\Admin\AppData\Local\Temp\c082c91a901d0a9db013d9b3d684f558.exe

Filesize
448KB

MD5
be71a1bbec38844aa0c46ba5dfdbcaf7

SHA1
acb434c7ef1f3ff1038a6fd30523297e432963ec

SHA256
f5913a4ea86661a3115a81a2383861ab644c0cc06b0ceb53a55639df5ea484b1

SHA512
4cdc84a7e44ce4465a0b1e4f4f2b03e05f9a90181a868503b4c9d207c6debb61e8ece365c07b22942bfca18ec0e0d2a84ab4fda310386ed07eb3f4bc599cb2d1

Download Submit
memory/800-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/800-19-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/800-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/800-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/800-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/800-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2720-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2720-15-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2720-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2720-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2720-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2720-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download