effd935e82a8cb1be6ec17b1359b835f888cc8008192cc3eba2c6dbc094c8c06

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4cb5651bd06acb73271edded5c5fff7.exe
Size

5.3MB
MD5

c4cb5651bd06acb73271edded5c5fff7
SHA1

8a91a7f06f09355d0129b8da81fa10b6e2fd35e6
SHA256

effd935e82a8cb1be6ec17b1359b835f888cc8008192cc3eba2c6dbc094c8c06
SHA512

de9d72f24982480cc7931340a010542a87efc6da05e775ca17854f04b5a08b9759655c96e7c181fb4e05d123beebcb16ef3761dd6e500adb848404b3d36aac58
SSDEEP

98304:Dy47VBecmFc5+81w8W5E4QfFUEVxeFBLa5+81w8W5p:Dy47Vnmv8PfFrsBLL8w

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1936	c4cb5651bd06acb73271edded5c5fff7.exe

Executes dropped EXE 1 IoCs

pid	Process
1936	c4cb5651bd06acb73271edded5c5fff7.exe

Loads dropped DLL 1 IoCs

pid	Process
2528	c4cb5651bd06acb73271edded5c5fff7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2528-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012251-10.dat	upx
behavioral1/files/0x000b000000012251-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2528	c4cb5651bd06acb73271edded5c5fff7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2528	c4cb5651bd06acb73271edded5c5fff7.exe
1936	c4cb5651bd06acb73271edded5c5fff7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 1936	2528	c4cb5651bd06acb73271edded5c5fff7.exe	28
PID 2528 wrote to memory of 1936	2528	c4cb5651bd06acb73271edded5c5fff7.exe	28
PID 2528 wrote to memory of 1936	2528	c4cb5651bd06acb73271edded5c5fff7.exe	28
PID 2528 wrote to memory of 1936	2528	c4cb5651bd06acb73271edded5c5fff7.exe	28

C:\Users\Admin\AppData\Local\Temp\c4cb5651bd06acb73271edded5c5fff7.exe
"C:\Users\Admin\AppData\Local\Temp\c4cb5651bd06acb73271edded5c5fff7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\c4cb5651bd06acb73271edded5c5fff7.exe
  C:\Users\Admin\AppData\Local\Temp\c4cb5651bd06acb73271edded5c5fff7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c4cb5651bd06acb73271edded5c5fff7.exe

Filesize
1.1MB

MD5
e029036da6d5e7f95a84e2edd2d342b4

SHA1
a14f961440e8bd1c1b8545c8f80a03e700661ed5

SHA256
512b234e98e321e7249b2000e2f5c0e98bb09431b91c07b36dd480b51b7e3d6a

SHA512
de0631faf3e88da5e512e975cc77bbb774c37d45043dbc028a14929cc3d17e6a0c764e0da5fe884762af665dbf6c8e5baed1aa11a39acfe2fae858d2602146a5

Download Submit
\Users\Admin\AppData\Local\Temp\c4cb5651bd06acb73271edded5c5fff7.exe

Filesize
1.7MB

MD5
348161b3b9fd55f38e2402c956c46109

SHA1
49a37644ee080850b6eaced308df44ca272875f1

SHA256
174e61127568ce001dc183e3b496bd323f3555a2356777131279d38fb08c6677

SHA512
cbb0f2288f409352a2e08af507484d8fa9397571b2f3c2b6632d30e4c6847a95d536c05109e3a61eeada3e53b8989eafa4ebf831ee562a212cb6e65d7aaa06e4

Download Submit
memory/1936-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1936-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1936-20-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/1936-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1936-26-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1936-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2528-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2528-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2528-15-0x0000000003CD0000-0x00000000041BF000-memory.dmp

Filesize
4.9MB

Download
memory/2528-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2528-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2528-31-0x0000000003CD0000-0x00000000041BF000-memory.dmp

Filesize
4.9MB

Download