0774f24ad5800a58252296a208d0c97e88cf62e393f0cba3621276e72db1fe7e

Analysis

max time kernel
122s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 22:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c44314d44cb47fc98fc7157ddc9d5e2d.exe
Size

5.8MB
MD5

c44314d44cb47fc98fc7157ddc9d5e2d
SHA1

eaa4182a4b76f250364aacb8306c797846632da6
SHA256

0774f24ad5800a58252296a208d0c97e88cf62e393f0cba3621276e72db1fe7e
SHA512

4c5203a9e3b07d575875ecd7870257baf71147ee66ea856cd6292206e654c14042931bd669546071a4dd03786532bd7129049aefdc75ed391b4c8074e69b7cff
SSDEEP

98304:zywB4sBRF1A7RMgg3gnl/IVUs1jePsqthvHrFHa7a1gg3gnl/IVUs1jePs:asB7+9ogl/iBiPftLIagl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2872	c44314d44cb47fc98fc7157ddc9d5e2d.exe

Executes dropped EXE 1 IoCs

pid	Process
2872	c44314d44cb47fc98fc7157ddc9d5e2d.exe

Loads dropped DLL 1 IoCs

pid	Process
2928	c44314d44cb47fc98fc7157ddc9d5e2d.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2928-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000f000000012241-10.dat	upx
behavioral1/memory/2928-16-0x0000000003C90000-0x000000000417F000-memory.dmp	upx
behavioral1/files/0x000f000000012241-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2928	c44314d44cb47fc98fc7157ddc9d5e2d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2928	c44314d44cb47fc98fc7157ddc9d5e2d.exe
2872	c44314d44cb47fc98fc7157ddc9d5e2d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 2872	2928	c44314d44cb47fc98fc7157ddc9d5e2d.exe	28
PID 2928 wrote to memory of 2872	2928	c44314d44cb47fc98fc7157ddc9d5e2d.exe	28
PID 2928 wrote to memory of 2872	2928	c44314d44cb47fc98fc7157ddc9d5e2d.exe	28
PID 2928 wrote to memory of 2872	2928	c44314d44cb47fc98fc7157ddc9d5e2d.exe	28

C:\Users\Admin\AppData\Local\Temp\c44314d44cb47fc98fc7157ddc9d5e2d.exe
"C:\Users\Admin\AppData\Local\Temp\c44314d44cb47fc98fc7157ddc9d5e2d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\c44314d44cb47fc98fc7157ddc9d5e2d.exe
  C:\Users\Admin\AppData\Local\Temp\c44314d44cb47fc98fc7157ddc9d5e2d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c44314d44cb47fc98fc7157ddc9d5e2d.exe

Filesize
3.2MB

MD5
2ef63c4cf81156901f8fd8a91b281013

SHA1
f5c8f48aa9f53d625b206348e8e03d040a66cf3b

SHA256
255833523a977dc71d50d4c5d69f7d10cd20ed7a7da4c80fd8c49d98198b95f3

SHA512
857a954818f754ae6d28eea53ee044c77d86d56b078f157cd7ec60a11454f3123741dc573b1f13f9f6bfbb730db0de28b6b55fb37673432bc728de0107630069

Download Submit
\Users\Admin\AppData\Local\Temp\c44314d44cb47fc98fc7157ddc9d5e2d.exe

Filesize
2.8MB

MD5
28cabf8327f9a68fda42a6c3b7177b13

SHA1
77278b41c1bf332a475f136be746e87e546d8e02

SHA256
5f3d724bda91dc190abb9b0cd8ae6ba804189e1d37db1b293b3a72440977a78b

SHA512
42edde861aa4d3670a2fb3b3f7db2b622fdd81e2c52e7ef97ac4567bad9d07fc360a522b05769aee2a14aa7de5211755a1e7c609385bd678a46c36fcc2b9ee8c

Download Submit
memory/2872-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2872-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2872-20-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2872-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2872-25-0x0000000003500000-0x000000000372A000-memory.dmp

Filesize
2.2MB

Download
memory/2872-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2928-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2928-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2928-16-0x0000000003C90000-0x000000000417F000-memory.dmp

Filesize
4.9MB

Download
memory/2928-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2928-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2928-31-0x0000000003C90000-0x000000000417F000-memory.dmp

Filesize
4.9MB

Download