2d71fe4a2d669107231d5511ea6e055b842493698add11a69f2adda4a8c5f2ff

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4503bfb6fae42c89640f3dece3b9a25.exe
Size

10.7MB
MD5

c4503bfb6fae42c89640f3dece3b9a25
SHA1

f81d6d1629eff1d6e112faceaff7c177f0b61e66
SHA256

2d71fe4a2d669107231d5511ea6e055b842493698add11a69f2adda4a8c5f2ff
SHA512

a27838a76398c6f047c69ad5fce215119a0b7baf882c04bdf8cc3d4d6e8aabc944a3e8ef1f2745be9422328b9edd9c70182d89f718b480a35381f1b34c45f645
SSDEEP

196608:3HX39ahOQNJJDxryam7rXexryR8j/dVxryam7rXexry:3H9ahOQNA7es7

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
868	c4503bfb6fae42c89640f3dece3b9a25.exe

Executes dropped EXE 1 IoCs

pid	Process
868	c4503bfb6fae42c89640f3dece3b9a25.exe

Loads dropped DLL 1 IoCs

pid	Process
2080	c4503bfb6fae42c89640f3dece3b9a25.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2080-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000b000000012256-11.dat	upx
behavioral1/files/0x000b000000012256-16.dat	upx
behavioral1/memory/868-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2080	c4503bfb6fae42c89640f3dece3b9a25.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2080	c4503bfb6fae42c89640f3dece3b9a25.exe
868	c4503bfb6fae42c89640f3dece3b9a25.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 868	2080	c4503bfb6fae42c89640f3dece3b9a25.exe	28
PID 2080 wrote to memory of 868	2080	c4503bfb6fae42c89640f3dece3b9a25.exe	28
PID 2080 wrote to memory of 868	2080	c4503bfb6fae42c89640f3dece3b9a25.exe	28
PID 2080 wrote to memory of 868	2080	c4503bfb6fae42c89640f3dece3b9a25.exe	28

C:\Users\Admin\AppData\Local\Temp\c4503bfb6fae42c89640f3dece3b9a25.exe
"C:\Users\Admin\AppData\Local\Temp\c4503bfb6fae42c89640f3dece3b9a25.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\Temp\c4503bfb6fae42c89640f3dece3b9a25.exe
  C:\Users\Admin\AppData\Local\Temp\c4503bfb6fae42c89640f3dece3b9a25.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c4503bfb6fae42c89640f3dece3b9a25.exe

Filesize
3.0MB

MD5
6dace8c86e8d923c924e3a3147bc9ec3

SHA1
1c9924271cb05b80e248882e00db67705190ad63

SHA256
409e905b6ebd64b9ff1bcc8619fb774a0fe8941aa37191ab2cfdbd76212ab72b

SHA512
81dd4a9171c8d4231a8a356d29b3a3e00e04253c57900b028fb97fef463052ff9dfe6bba540959e334f0396373acce9b95e8a2e35bd3b1f2a57a9c65434e94fe

Download Submit
\Users\Admin\AppData\Local\Temp\c4503bfb6fae42c89640f3dece3b9a25.exe

Filesize
128KB

MD5
ecb3100842e853abf80dac8c021523b1

SHA1
f2e5f7ca2919a75ca8d37b29be5bbc276b2b538c

SHA256
58a6be1cc113c74e7a52a131bcbb8b40eedbfa88a2617a0ddf7417c0dede790d

SHA512
2821c37cbe08801b1dba1c2e7dc72550745d1d71f7eacf0db8fadb58bda9ead3a7c0555f23ed6cc1a9ed9f12ddebed4bc94ae8f3a30bf5a42dffac05beef745f

Download Submit
memory/868-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/868-19-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/868-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/868-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2080-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2080-2-0x00000000002B0000-0x00000000003C2000-memory.dmp

Filesize
1.1MB

Download
memory/2080-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2080-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2080-14-0x0000000004570000-0x00000000049DA000-memory.dmp

Filesize
4.4MB

Download