6e00d00b173664de710286d344454e46aca8a6e6e81c75c89d19abba64423767

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c47a4988e113f3a873a89a4fbc4b4811.exe
Size

5.3MB
MD5

c47a4988e113f3a873a89a4fbc4b4811
SHA1

4e0c78d20d57fea8d3fb687902feb399c21c68be
SHA256

6e00d00b173664de710286d344454e46aca8a6e6e81c75c89d19abba64423767
SHA512

60bc56117748e1703b67b16eb030440fc5193f562cc94e011d83241a504340982dab8c789078f2fbbd20996170f537296ded86f90e1e38baa5f0afe39ea8d423
SSDEEP

98304:2v+vXqBu48N8Etsf2yHX01YP9BiAVeAKw2HqLG//tnT5Tx4dDB9HX01YP9BiAVev:YcXqBN8NDts5j9IAKw2sG//J9TW3j9Iv

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2440	c47a4988e113f3a873a89a4fbc4b4811.exe

Executes dropped EXE 1 IoCs

pid	Process
2440	c47a4988e113f3a873a89a4fbc4b4811.exe

Loads dropped DLL 1 IoCs

pid	Process
2008	c47a4988e113f3a873a89a4fbc4b4811.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2008-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x00080000000122cd-10.dat	upx
behavioral1/files/0x00080000000122cd-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2008	c47a4988e113f3a873a89a4fbc4b4811.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2008	c47a4988e113f3a873a89a4fbc4b4811.exe
2440	c47a4988e113f3a873a89a4fbc4b4811.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2440	2008	c47a4988e113f3a873a89a4fbc4b4811.exe	28
PID 2008 wrote to memory of 2440	2008	c47a4988e113f3a873a89a4fbc4b4811.exe	28
PID 2008 wrote to memory of 2440	2008	c47a4988e113f3a873a89a4fbc4b4811.exe	28
PID 2008 wrote to memory of 2440	2008	c47a4988e113f3a873a89a4fbc4b4811.exe	28

C:\Users\Admin\AppData\Local\Temp\c47a4988e113f3a873a89a4fbc4b4811.exe
"C:\Users\Admin\AppData\Local\Temp\c47a4988e113f3a873a89a4fbc4b4811.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\c47a4988e113f3a873a89a4fbc4b4811.exe
  C:\Users\Admin\AppData\Local\Temp\c47a4988e113f3a873a89a4fbc4b4811.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c47a4988e113f3a873a89a4fbc4b4811.exe

Filesize
1.3MB

MD5
5378359388b40270baf409a841ac6b18

SHA1
a196d3ed1d1ab9e2e63053fcde9e41a9301771c8

SHA256
6ce3f682e59c60913f7daa30b6f1943bc492e63b3933a8ec0cd8c2a2a33e9b9f

SHA512
bfa452a304310881dda4f4d3fbdd5e880c888edc1b2a99b2b783796462d29e8326bf43173946cc75ea0c4be35b221f81f56c80c1fd4873b75fccee545ec82eee

Download Submit
\Users\Admin\AppData\Local\Temp\c47a4988e113f3a873a89a4fbc4b4811.exe

Filesize
1.7MB

MD5
f6f14660c93122bc4b09966eccd2e198

SHA1
47a173d53aeec068090150e7bb9a21654b454385

SHA256
57299d8c9bc1ef1727c74a0090d7e701cf7337fbbc961d98e15aa612cb616a76

SHA512
2ca933903e140848166cc9b6c41b54e780d135b0683d0c1c0c0eef3c4f1d8b895009f1731926fb09c886d0db166b27c42f1fe7269af0dff740e59e6ad4d2d378

Download Submit
memory/2008-14-0x0000000003DC0000-0x00000000042A7000-memory.dmp

Filesize
4.9MB

Download
memory/2008-3-0x00000000002A0000-0x00000000003D1000-memory.dmp

Filesize
1.2MB

Download
memory/2008-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2008-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2008-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2440-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2440-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2440-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2440-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2440-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2440-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download