7997d2546d305b3016340899366e4ea120f80a22bf1c4fae96bfa87ccbc98cd9

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 14:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c3a5b55ee7140b02a9e3c7b58392547c.exe
Size

2.5MB
MD5

c3a5b55ee7140b02a9e3c7b58392547c
SHA1

e879ca0e22528e189ff62f10acafdae5f78e097e
SHA256

7997d2546d305b3016340899366e4ea120f80a22bf1c4fae96bfa87ccbc98cd9
SHA512

dcc1a7f79637188d32e24de8df19d59bb35d691a9cccbbb01d8aef43e089e55439f3ea859aa5ca64fc5067173e5bc3c68743b4ad27f6c1d168d4a51fa7f38da5
SSDEEP

49152:3I6xBfivsnb1o6h0X78WmAuhoN74NH5HUyNRcUsCVOzet0:3R7i0b1o6h1pzo4HBUCczz9

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2968	c3a5b55ee7140b02a9e3c7b58392547c.exe

Executes dropped EXE 1 IoCs

pid	Process
2968	c3a5b55ee7140b02a9e3c7b58392547c.exe

Loads dropped DLL 1 IoCs

pid	Process
2324	c3a5b55ee7140b02a9e3c7b58392547c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2324-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012252-10.dat	upx
behavioral1/files/0x0009000000012252-13.dat	upx
behavioral1/memory/2968-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2324	c3a5b55ee7140b02a9e3c7b58392547c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2324	c3a5b55ee7140b02a9e3c7b58392547c.exe
2968	c3a5b55ee7140b02a9e3c7b58392547c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2968	2324	c3a5b55ee7140b02a9e3c7b58392547c.exe	28
PID 2324 wrote to memory of 2968	2324	c3a5b55ee7140b02a9e3c7b58392547c.exe	28
PID 2324 wrote to memory of 2968	2324	c3a5b55ee7140b02a9e3c7b58392547c.exe	28
PID 2324 wrote to memory of 2968	2324	c3a5b55ee7140b02a9e3c7b58392547c.exe	28

C:\Users\Admin\AppData\Local\Temp\c3a5b55ee7140b02a9e3c7b58392547c.exe
"C:\Users\Admin\AppData\Local\Temp\c3a5b55ee7140b02a9e3c7b58392547c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Users\Admin\AppData\Local\Temp\c3a5b55ee7140b02a9e3c7b58392547c.exe
  C:\Users\Admin\AppData\Local\Temp\c3a5b55ee7140b02a9e3c7b58392547c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c3a5b55ee7140b02a9e3c7b58392547c.exe

Filesize
2.3MB

MD5
76adfaf9f30a432d9c4a31d9ed34c681

SHA1
8eee4aa9a1b69dfb93e39065d604cc8b4907bb57

SHA256
dcb47ccb05d2d97a0f3651160762058c4d94488032f86ac19cd2279b8a6c9101

SHA512
e4c2af15fac8e36468cce58f6d2a499691b900238a1f377b3bfd19fd180c2c65e83b93d77f0b3374d60ebe6fbfcc9cadc16508625df0235dc2f38c328a8ffaa9

Download Submit
\Users\Admin\AppData\Local\Temp\c3a5b55ee7140b02a9e3c7b58392547c.exe

Filesize
2.5MB

MD5
13f03f3a0d63d46cf05b007f561b0cd6

SHA1
17f056cf59de253c664bb138618e103f3a67b75d

SHA256
410b441b9b5455c57bb25c7e293f1df43587407306dd12d545ea8a6d1d55b9e5

SHA512
b2329da9ba96aa8b44ba20b80a0dc3e9773f4c1df8221f472a115570ade1113a05e274308a9b435962e2347ad308d60ad25b91c712c91c2822dacf6a7a42a212

Download Submit
memory/2324-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2324-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2324-15-0x0000000003730000-0x0000000003C1F000-memory.dmp

Filesize
4.9MB

Download
memory/2324-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2324-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2324-31-0x0000000003730000-0x0000000003C1F000-memory.dmp

Filesize
4.9MB

Download
memory/2968-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2968-19-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2968-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2968-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2968-25-0x00000000034E0000-0x000000000370A000-memory.dmp

Filesize
2.2MB

Download
memory/2968-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download