a5e6cef0100b016ada33f9a543643d2f7f67652f87ecd3681bb194ffe9bf5c22

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3582b05c1ee2ef091cb1b9e0d4235a6.exe
Size

2.7MB
MD5

c3582b05c1ee2ef091cb1b9e0d4235a6
SHA1

f1d7b2cf142b99608870561be5996c61be06e30f
SHA256

a5e6cef0100b016ada33f9a543643d2f7f67652f87ecd3681bb194ffe9bf5c22
SHA512

300b0214df0f93b0614f31a37571700cd989ba2b68817fe2a7778bd152b8964201614242c5e23d662f042b5bbf98056fc6fb3b23182f738d4a7731bb2b840788
SSDEEP

49152:UlSJVlG5MyeY1X7aMJxWRCdIVxSN+CMt4El72W/vKbb//0Sw6j7CSwzBNTyMcp:UwK5MzY1LakWQixSNLMt4EMWabb//0Sn

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1756	c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Executes dropped EXE 1 IoCs

pid	Process
1756	c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Loads dropped DLL 1 IoCs

pid	Process
2064	c3582b05c1ee2ef091cb1b9e0d4235a6.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c00000001225d-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2064	c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2064	c3582b05c1ee2ef091cb1b9e0d4235a6.exe
1756	c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 1756	2064	c3582b05c1ee2ef091cb1b9e0d4235a6.exe	28
PID 2064 wrote to memory of 1756	2064	c3582b05c1ee2ef091cb1b9e0d4235a6.exe	28
PID 2064 wrote to memory of 1756	2064	c3582b05c1ee2ef091cb1b9e0d4235a6.exe	28
PID 2064 wrote to memory of 1756	2064	c3582b05c1ee2ef091cb1b9e0d4235a6.exe	28

C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe
"C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe
  C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Filesize
2.7MB

MD5
34d1e2cbb1c1679c8484b622e21312fa

SHA1
9d3357ae243e5cf9b202ebbf5573c31253e33280

SHA256
6dba4015ca659b9610b63589f1859f75c781de8d1304d5cefa29c1d2503bc4a9

SHA512
d16836878ce104d15c0d2b12b6603535d2d103ea464a893022934d06f8f353ac2f63bc75e5d419cce67387a95e284e955bbfa4fe50dca2d4f9571a0a4779a749

Download Submit
memory/1756-24-0x0000000003430000-0x000000000365A000-memory.dmp

Filesize
2.2MB

Download
memory/1756-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1756-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1756-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/1756-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1756-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2064-3-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2064-15-0x00000000038C0000-0x0000000003DAF000-memory.dmp

Filesize
4.9MB

Download
memory/2064-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2064-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2064-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2064-31-0x00000000038C0000-0x0000000003DAF000-memory.dmp

Filesize
4.9MB

Download