a9735e725175a2401ac575de1b9642e97857568e1daf07033ebb02d9e02fd8dd

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 16:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c10b3a1eff3a14cc8a4d4b599c98f30e.exe
Size

5.3MB
MD5

c10b3a1eff3a14cc8a4d4b599c98f30e
SHA1

b425a25528a1e68f02971c5f1d6458483e82991d
SHA256

a9735e725175a2401ac575de1b9642e97857568e1daf07033ebb02d9e02fd8dd
SHA512

4b08c1018bfd509ef1eba41ea0d706132f06bd24ead78303d88f1817c3318265413205ba498a663b3c6b79b3cfe6a7221a8fd8ca70a634e69c473637d08f6958
SSDEEP

98304:yFTQglsIcFdHHktBcwQDM2YIDULHXq43yNDfHktBcwQDM2YIDULHt:qcgl4FdHschDHIaP1fschDHIN

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2224	c10b3a1eff3a14cc8a4d4b599c98f30e.exe

Executes dropped EXE 1 IoCs

pid	Process
2224	c10b3a1eff3a14cc8a4d4b599c98f30e.exe

Loads dropped DLL 1 IoCs

pid	Process
624	c10b3a1eff3a14cc8a4d4b599c98f30e.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/624-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000015626-10.dat	upx
behavioral1/files/0x000a000000015626-12.dat	upx
behavioral1/files/0x000a000000015626-15.dat	upx
behavioral1/memory/2224-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/memory/624-14-0x0000000003E30000-0x0000000004317000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
624	c10b3a1eff3a14cc8a4d4b599c98f30e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
624	c10b3a1eff3a14cc8a4d4b599c98f30e.exe
2224	c10b3a1eff3a14cc8a4d4b599c98f30e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 624 wrote to memory of 2224	624	c10b3a1eff3a14cc8a4d4b599c98f30e.exe	28
PID 624 wrote to memory of 2224	624	c10b3a1eff3a14cc8a4d4b599c98f30e.exe	28
PID 624 wrote to memory of 2224	624	c10b3a1eff3a14cc8a4d4b599c98f30e.exe	28
PID 624 wrote to memory of 2224	624	c10b3a1eff3a14cc8a4d4b599c98f30e.exe	28

C:\Users\Admin\AppData\Local\Temp\c10b3a1eff3a14cc8a4d4b599c98f30e.exe
"C:\Users\Admin\AppData\Local\Temp\c10b3a1eff3a14cc8a4d4b599c98f30e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:624
- C:\Users\Admin\AppData\Local\Temp\c10b3a1eff3a14cc8a4d4b599c98f30e.exe
  C:\Users\Admin\AppData\Local\Temp\c10b3a1eff3a14cc8a4d4b599c98f30e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c10b3a1eff3a14cc8a4d4b599c98f30e.exe

Filesize
1.5MB

MD5
aff0578966bcb49cfe5e535443d1627e

SHA1
db346ddafcd9864f79027d03b41bb9b3852bac19

SHA256
3605af54af94fa2a6465e0ce5549ae03d840a60b7be0573e0156f73919580b5a

SHA512
65f12d042808d5c6e105b6ad13559a6e88a5e474aef96623a95a4280110c3e70fb46cd058c60ab4209e830021c66822a348ba55b801aef11149caa8e05f99ddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\c10b3a1eff3a14cc8a4d4b599c98f30e.exe

Filesize
2.0MB

MD5
a76a41a1d688c7f6c777e6d37bf47ad2

SHA1
0f158ccadd1a373cae158a2933a40dad029006e5

SHA256
09e57f21887dcb515e26e233fb525463549b108ef707c4007a9772e7b9115b0a

SHA512
c9c1664ef4289103a47bf4f99dae7f2aead4f4c668c96158a038db88abb9c802b29dca416f8ee28113a1d887c2e37094b67a8fddbc585ccd87158076e496cbec

Download Submit
\Users\Admin\AppData\Local\Temp\c10b3a1eff3a14cc8a4d4b599c98f30e.exe

Filesize
1.3MB

MD5
30fcc84ea50a932a4ac93b3109c73ae3

SHA1
da1bc770ae5024d4ea6ac3d481dd8b0a96e8f926

SHA256
6ad96070b77a7c7d8166193b362a66c86476bb6b53d8d3006b009e672a9b0f74

SHA512
2c1c89677295ec6b1b08f39ee0b0435232a4b0544dbdc159110af1ce245d60b1520709a66dda2e8e0998e12863d72f44af3e32c4b15b079802c0ff2e94fed1d8

Download Submit
memory/624-14-0x0000000003E30000-0x0000000004317000-memory.dmp

Filesize
4.9MB

Download
memory/624-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/624-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/624-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/624-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2224-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2224-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2224-19-0x0000000000250000-0x0000000000381000-memory.dmp

Filesize
1.2MB

Download
memory/2224-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2224-24-0x00000000034C0000-0x00000000036E2000-memory.dmp

Filesize
2.1MB

Download
memory/2224-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download