ff15aa197f0115bda55c518cc5b64a7361b8677cb5bc28440bb72bcb5d137c07

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 01:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c223d24804ba79e4d16ee687eded2b56.exe
Size

1.3MB
MD5

c223d24804ba79e4d16ee687eded2b56
SHA1

3ec58232e0a5ae5d3ce8724eb2e318688895ed25
SHA256

ff15aa197f0115bda55c518cc5b64a7361b8677cb5bc28440bb72bcb5d137c07
SHA512

c177970c3c80f47940b3593af298e8dcccee5b82406a2fda7356b681532732550b800a490664a3fb3bee5673139d0f63c127b1710434676e9af855c5ef1de7c8
SSDEEP

24576:s/nnRwQI2mI/Qswr3JGieJZNE3NRjbkI3Et7oiNyEIompyXk25U9/9Us:swQLmYwJFeXNyjgIUtPN/Gp4AR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2252	c223d24804ba79e4d16ee687eded2b56.exe

Executes dropped EXE 1 IoCs

pid	Process
2252	c223d24804ba79e4d16ee687eded2b56.exe

Loads dropped DLL 1 IoCs

pid	Process
2744	c223d24804ba79e4d16ee687eded2b56.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2744-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000d0000000122ce-10.dat	upx
behavioral1/files/0x000d0000000122ce-12.dat	upx
behavioral1/memory/2744-14-0x00000000034C0000-0x00000000039A7000-memory.dmp	upx
behavioral1/memory/2252-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000d0000000122ce-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2744	c223d24804ba79e4d16ee687eded2b56.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2744	c223d24804ba79e4d16ee687eded2b56.exe
2252	c223d24804ba79e4d16ee687eded2b56.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2252	2744	c223d24804ba79e4d16ee687eded2b56.exe	28
PID 2744 wrote to memory of 2252	2744	c223d24804ba79e4d16ee687eded2b56.exe	28
PID 2744 wrote to memory of 2252	2744	c223d24804ba79e4d16ee687eded2b56.exe	28
PID 2744 wrote to memory of 2252	2744	c223d24804ba79e4d16ee687eded2b56.exe	28

C:\Users\Admin\AppData\Local\Temp\c223d24804ba79e4d16ee687eded2b56.exe
"C:\Users\Admin\AppData\Local\Temp\c223d24804ba79e4d16ee687eded2b56.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Users\Admin\AppData\Local\Temp\c223d24804ba79e4d16ee687eded2b56.exe
  C:\Users\Admin\AppData\Local\Temp\c223d24804ba79e4d16ee687eded2b56.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c223d24804ba79e4d16ee687eded2b56.exe

Filesize
1.2MB

MD5
1bac20ca041ee6f6dbdc9ee7dfd289f4

SHA1
77067eeddc611bad5504100152c2fbadaf414f8d

SHA256
b4b41e63569fee0d960e49ed85e997dd7ace154a52b08c8e78a9261aa0dec2f9

SHA512
a4fdd6d52a3ab9b3e9a30bcaf138b927fc8dff134e799b825766da268a932be9405f389c420bf8984991873af0ce3ff0805ca993f733e99a2a89711df4038fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\c223d24804ba79e4d16ee687eded2b56.exe

Filesize
1.3MB

MD5
fb93f941f13f0f2cfd9d85887511878e

SHA1
c4863cca6c951399a7524af501d81e06b97ca4a5

SHA256
7b6519c8c49a6f568616ad7ddd111d6b825709817fdbaf340e5c47d9519d57b4

SHA512
4dc27ab855583ddfe65f11ef18cf7826d6edc5990b561167d543fdd6ef06bbeed1651ad652f94eaf89c744ca1e2fa633e72c397f8bcfa70ef0529b160ac7a7d5

Download Submit
\Users\Admin\AppData\Local\Temp\c223d24804ba79e4d16ee687eded2b56.exe

Filesize
1024KB

MD5
e0e5892aa2e17294a4febcb3001bc9cf

SHA1
8e0326b6c3463960668e1fc4a21104613e3e607f

SHA256
108f193d254ad1ae81c18b4307e1ef523470013ee1528d1e2efd0e1d2a0c6667

SHA512
0fdee1db09ca751effcf6dcf8b20e39481110f348e429f56b7044f20dc53d1a7ccdbafe8e29b65e7576c70a6007dad1992ecc0a4ef9fee89271c39afbefa2183

Download Submit
memory/2252-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2252-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2252-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2252-24-0x00000000034D0000-0x00000000036F2000-memory.dmp

Filesize
2.1MB

Download
memory/2252-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2252-19-0x0000000000260000-0x0000000000391000-memory.dmp

Filesize
1.2MB

Download
memory/2744-14-0x00000000034C0000-0x00000000039A7000-memory.dmp

Filesize
4.9MB

Download
memory/2744-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2744-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2744-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2744-31-0x00000000034C0000-0x00000000039A7000-memory.dmp

Filesize
4.9MB

Download
memory/2744-1-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download