ab437b25d0cf63f4558353626929707c845779129d7656222551ce66313f6309

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4c6fce033fe0bb8f6be48bd5edafaa7.exe
Size

2.9MB
MD5

c4c6fce033fe0bb8f6be48bd5edafaa7
SHA1

6966ad94e9520e788dade74ff62abac7354b6e25
SHA256

ab437b25d0cf63f4558353626929707c845779129d7656222551ce66313f6309
SHA512

402a3659faa3d5f59bae678cdb2cd48b8963d2bffa1ed80779f534feefe84ad444823e124cab128505cad202aa6682eca2ca62553d9ff2d0ddada407bd4f4571
SSDEEP

49152:rumCPRshwXO/8TsyztaeTN74NH5HUyNRcUsCVOzetdZJ:rutZteUhtpT4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2648	c4c6fce033fe0bb8f6be48bd5edafaa7.exe

Executes dropped EXE 1 IoCs

pid	Process
2648	c4c6fce033fe0bb8f6be48bd5edafaa7.exe

Loads dropped DLL 1 IoCs

pid	Process
2368	c4c6fce033fe0bb8f6be48bd5edafaa7.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000012256-12.dat	upx
behavioral1/files/0x000d000000012256-15.dat	upx
behavioral1/files/0x000d000000012256-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2368	c4c6fce033fe0bb8f6be48bd5edafaa7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2368	c4c6fce033fe0bb8f6be48bd5edafaa7.exe
2648	c4c6fce033fe0bb8f6be48bd5edafaa7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2648	2368	c4c6fce033fe0bb8f6be48bd5edafaa7.exe	28
PID 2368 wrote to memory of 2648	2368	c4c6fce033fe0bb8f6be48bd5edafaa7.exe	28
PID 2368 wrote to memory of 2648	2368	c4c6fce033fe0bb8f6be48bd5edafaa7.exe	28
PID 2368 wrote to memory of 2648	2368	c4c6fce033fe0bb8f6be48bd5edafaa7.exe	28

C:\Users\Admin\AppData\Local\Temp\c4c6fce033fe0bb8f6be48bd5edafaa7.exe
"C:\Users\Admin\AppData\Local\Temp\c4c6fce033fe0bb8f6be48bd5edafaa7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\c4c6fce033fe0bb8f6be48bd5edafaa7.exe
  C:\Users\Admin\AppData\Local\Temp\c4c6fce033fe0bb8f6be48bd5edafaa7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c4c6fce033fe0bb8f6be48bd5edafaa7.exe

Filesize
564KB

MD5
2191e547b1f2a767a7ec7a664f806652

SHA1
c48b1f3af0859516ae5301e35d594d02c7a2c537

SHA256
fc984be578cd9213f444132ae05fd8d636675e3bff235ca717395baf67db00a8

SHA512
eadd32f48be24df7a51be6dde9f0ae20c5381479477eedeb02df5f34f91c55c4810cd4a5e4e33b3cdcbb045450be2ac39bd8700a2b441adac19d5aaa0b7ef53c

Download Submit
C:\Users\Admin\AppData\Local\Temp\c4c6fce033fe0bb8f6be48bd5edafaa7.exe

Filesize
640KB

MD5
159fda47fe07e17206936764270dcdb8

SHA1
f77d0218b6e8f6b48e86098ac3a34d9f6dd8920a

SHA256
26336833e9a5837cb4fdffd640d595b4ccdb631885956f4149d2039fee955c05

SHA512
b79d09bb24aa9e56a724e8052c8ac64e8af8a35ca6fc99eee80e20b5c235b63443e77f7ff2cb3ddcd8bbf43922667d401c107ccb6342ce4e131ba6d690eed3f2

Download Submit
\Users\Admin\AppData\Local\Temp\c4c6fce033fe0bb8f6be48bd5edafaa7.exe

Filesize
369KB

MD5
e85e797a5eb17f088928b59fb698edd9

SHA1
d14439ce667643159f1d283585d3ff931baa9bc9

SHA256
49e5e839372efdf8fcf3e6f059ec6524af08e587358415b7d1f50b1411a2193a

SHA512
87326d98508755884757dda52d6f5a194cd23126568d1a1414c51ecd30f6ac3ca20e2bf258e5f515bca245c12f1a6cc906cec85fa8d1c7bd0a8b811e5100e16f

Download Submit
memory/2368-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2368-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2368-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2368-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2368-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2368-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2648-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2648-19-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2648-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2648-24-0x0000000003570000-0x000000000379A000-memory.dmp

Filesize
2.2MB

Download
memory/2648-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2648-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download