d1c91f347ea28557fa52652206d9ffbe55a1da28e0fc4f62ec230d0d410fd533

Analysis

max time kernel
120s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6193d5611523a786a867070315db79d.exe
Size

11.7MB
MD5

c6193d5611523a786a867070315db79d
SHA1

2d29ccf91441286e2ab89d58beeb5c5f69bf9455
SHA256

d1c91f347ea28557fa52652206d9ffbe55a1da28e0fc4f62ec230d0d410fd533
SHA512

4f80f3f09cf787954e9c71c3006674b0b447042fa293a10ad59d8b8e46eaff7d4f9a56383b23221dfd957c406d0978a236223c30066a0901d37882aabcf4cfa9
SSDEEP

196608:dkjjgl/iBiPvwsYWDPgl/iBiPVDAWkgl/iBiPvwsYWDPgl/iBiP:dkjj2imwsYWDP2i4k2imwsYWDP2i

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1996	c6193d5611523a786a867070315db79d.exe

Executes dropped EXE 1 IoCs

pid	Process
1996	c6193d5611523a786a867070315db79d.exe

Loads dropped DLL 1 IoCs

pid	Process
1424	c6193d5611523a786a867070315db79d.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1424-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012251-10.dat	upx
behavioral1/files/0x0009000000012251-15.dat	upx
behavioral1/memory/1996-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/1424-12-0x0000000004A60000-0x0000000004F4F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1424	c6193d5611523a786a867070315db79d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1424	c6193d5611523a786a867070315db79d.exe
1996	c6193d5611523a786a867070315db79d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 1996	1424	c6193d5611523a786a867070315db79d.exe	28
PID 1424 wrote to memory of 1996	1424	c6193d5611523a786a867070315db79d.exe	28
PID 1424 wrote to memory of 1996	1424	c6193d5611523a786a867070315db79d.exe	28
PID 1424 wrote to memory of 1996	1424	c6193d5611523a786a867070315db79d.exe	28

C:\Users\Admin\AppData\Local\Temp\c6193d5611523a786a867070315db79d.exe
"C:\Users\Admin\AppData\Local\Temp\c6193d5611523a786a867070315db79d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Users\Admin\AppData\Local\Temp\c6193d5611523a786a867070315db79d.exe
  C:\Users\Admin\AppData\Local\Temp\c6193d5611523a786a867070315db79d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c6193d5611523a786a867070315db79d.exe

Filesize
3.8MB

MD5
25a2c81a2cf736883760d5f6baee1ad4

SHA1
a447cf2a4cff653fc225fbf63db99628e9c21e4e

SHA256
34ff43fbe922bbe2a97c106aaeae39545a9be12f04ac8d96d56819ffdf6da0d4

SHA512
23be2c60d56c53f378773a47b9e65210d6f797d0fd534f2f94e9a1cea45aa2530358db1260b31b8045e90fbb940d89f6e163c62a8fbbf8de868d7cacb6d8cf3a

Download Submit
\Users\Admin\AppData\Local\Temp\c6193d5611523a786a867070315db79d.exe

Filesize
3.9MB

MD5
fc2030778db07f626e48efdc01dbc383

SHA1
9fcbc8581c0870bd64a31a631e9737aabd526b24

SHA256
df1468d109dc2d4b8ab1b310d6407ba5090f756d4150b055e81c65107ef4e0fd

SHA512
7d2b7739821d61c2030e28efd1c71102fbf2a4f7faf41b9ed6ee9c77e631a2ee341b02b295296cceb5af67e998c8b7dc87a4cc7e21fb144eae33e5bd58839f7c

Download Submit
memory/1424-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1424-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1424-2-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/1424-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1424-12-0x0000000004A60000-0x0000000004F4F000-memory.dmp

Filesize
4.9MB

Download
memory/1996-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1996-19-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1996-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/1996-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1996-25-0x0000000003430000-0x000000000365A000-memory.dmp

Filesize
2.2MB

Download
memory/1996-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download