c3b5677bcc4eca780769484da27129c6c700f58ec451037b48459c1997db843b

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c61d23cdfcb1361604e5cf7a8917fa2f.exe
Size

4.8MB
MD5

c61d23cdfcb1361604e5cf7a8917fa2f
SHA1

a737e6f4e1dca4708c988f8788bd29f8142f44bb
SHA256

c3b5677bcc4eca780769484da27129c6c700f58ec451037b48459c1997db843b
SHA512

d6dac9a2f45b55b72fea84db1fb92c4569ac1c5b6c30583fd59d60a8e66198e64dd2514cc0aed9673cd97f2c4fcc6721bb0c4de7954a2e43c152fa61708e68fc
SSDEEP

98304:chIFZZbRdgg3gnl/IVUs1jeCB1HuUuN1EJgg3gnl/IVUs1jr:cugl/iBBB1hm1Wgl/iBP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2500	c61d23cdfcb1361604e5cf7a8917fa2f.exe

Executes dropped EXE 1 IoCs

pid	Process
2500	c61d23cdfcb1361604e5cf7a8917fa2f.exe

Loads dropped DLL 1 IoCs

pid	Process
1752	c61d23cdfcb1361604e5cf7a8917fa2f.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1752-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012226-13.dat	upx
behavioral1/files/0x0009000000012226-10.dat	upx
behavioral1/memory/2500-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1752	c61d23cdfcb1361604e5cf7a8917fa2f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1752	c61d23cdfcb1361604e5cf7a8917fa2f.exe
2500	c61d23cdfcb1361604e5cf7a8917fa2f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2500	1752	c61d23cdfcb1361604e5cf7a8917fa2f.exe	28
PID 1752 wrote to memory of 2500	1752	c61d23cdfcb1361604e5cf7a8917fa2f.exe	28
PID 1752 wrote to memory of 2500	1752	c61d23cdfcb1361604e5cf7a8917fa2f.exe	28
PID 1752 wrote to memory of 2500	1752	c61d23cdfcb1361604e5cf7a8917fa2f.exe	28

C:\Users\Admin\AppData\Local\Temp\c61d23cdfcb1361604e5cf7a8917fa2f.exe
"C:\Users\Admin\AppData\Local\Temp\c61d23cdfcb1361604e5cf7a8917fa2f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Users\Admin\AppData\Local\Temp\c61d23cdfcb1361604e5cf7a8917fa2f.exe
  C:\Users\Admin\AppData\Local\Temp\c61d23cdfcb1361604e5cf7a8917fa2f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c61d23cdfcb1361604e5cf7a8917fa2f.exe

Filesize
768KB

MD5
5a51e6dc9523a25c7c4a2eaf39d56def

SHA1
664fc02afc10649f2922e621290b3716dc10cdf6

SHA256
9261cf5a17a5c57697d05062dfa916947c81fc2fb0738994fe3336cbe32c8898

SHA512
91d1e2bfa294ee8bb4886eb3fcc04c5d6e0f0ca6a6c416f1352966018b46e883bb57a38c59019569bb0475c9b915631e8fdb7a26c9dc82d3f30e5ea1d3442ea4

Download Submit
\Users\Admin\AppData\Local\Temp\c61d23cdfcb1361604e5cf7a8917fa2f.exe

Filesize
3.7MB

MD5
eb95124b1c0d74557f0978b426ae6dda

SHA1
ec6e75a3c60393aa80e0617179f39dd05e44b7a6

SHA256
de4bc6f0462cb5aaff0ec277778206035f46b3732f9c03e37c04edfb01b28025

SHA512
51daa5547789ae58cd189ab6952d9e1279982b91cb9014ca559016ed738fb24038f120d38c71a11c12139ec447cdda2e401fa6b8362e31cd7eaf55ae9ba89c0d

Download Submit
memory/1752-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1752-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1752-15-0x0000000003BB0000-0x000000000409F000-memory.dmp

Filesize
4.9MB

Download
memory/1752-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1752-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1752-31-0x0000000003BB0000-0x000000000409F000-memory.dmp

Filesize
4.9MB

Download
memory/2500-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2500-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2500-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2500-24-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2500-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2500-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download