0ce0de5a9711735a0d22866a6ebaa82cd0b27e00e25e1ac1794c53434104279a

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c68dfcad7d24f5dfb30b2eb149ed7d7e.exe
Size

2.9MB
MD5

c68dfcad7d24f5dfb30b2eb149ed7d7e
SHA1

aa946694c5911bc0690117817d06e52c97f0a66a
SHA256

0ce0de5a9711735a0d22866a6ebaa82cd0b27e00e25e1ac1794c53434104279a
SHA512

95db60ef230fa3e8b886bb79d21019fde30bd90c497dac684df540126e17be67ee3258e7ba343c0fd549a2e9d151093866962638f1dacd8a14e3b27131b8b149
SSDEEP

49152:Jk0c0f4v2ZbSmApYAEwdXzKBAjLzYN74NH5HUyNRcUsCVOzetdZJ:df9ZbSpJOuLE4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2528	c68dfcad7d24f5dfb30b2eb149ed7d7e.exe

Executes dropped EXE 1 IoCs

pid	Process
2528	c68dfcad7d24f5dfb30b2eb149ed7d7e.exe

Loads dropped DLL 1 IoCs

pid	Process
1760	c68dfcad7d24f5dfb30b2eb149ed7d7e.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1760-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000014466-13.dat	upx
behavioral1/files/0x000d000000014466-10.dat	upx
behavioral1/memory/2528-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000014466-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1760	c68dfcad7d24f5dfb30b2eb149ed7d7e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1760	c68dfcad7d24f5dfb30b2eb149ed7d7e.exe
2528	c68dfcad7d24f5dfb30b2eb149ed7d7e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2528	1760	c68dfcad7d24f5dfb30b2eb149ed7d7e.exe	28
PID 1760 wrote to memory of 2528	1760	c68dfcad7d24f5dfb30b2eb149ed7d7e.exe	28
PID 1760 wrote to memory of 2528	1760	c68dfcad7d24f5dfb30b2eb149ed7d7e.exe	28
PID 1760 wrote to memory of 2528	1760	c68dfcad7d24f5dfb30b2eb149ed7d7e.exe	28

C:\Users\Admin\AppData\Local\Temp\c68dfcad7d24f5dfb30b2eb149ed7d7e.exe
"C:\Users\Admin\AppData\Local\Temp\c68dfcad7d24f5dfb30b2eb149ed7d7e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Users\Admin\AppData\Local\Temp\c68dfcad7d24f5dfb30b2eb149ed7d7e.exe
  C:\Users\Admin\AppData\Local\Temp\c68dfcad7d24f5dfb30b2eb149ed7d7e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c68dfcad7d24f5dfb30b2eb149ed7d7e.exe

Filesize
1.2MB

MD5
6cf7341dddf0563bf3951cafb0b26261

SHA1
72562868c9d65dfe23c5abfb0102a0f2c3762e0a

SHA256
e164a87f6aa2efd9eaa8ce84d8777c8a8a4635607218131ec1617caf3a443ed4

SHA512
e3a729cc85911dd6922c85ef33acd23c5d796c67f53b5d1a41c724bb1ba246a1704faa624b370f0670d853af946a713c583d1d989daea1495dfad842c6464bc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\c68dfcad7d24f5dfb30b2eb149ed7d7e.exe

Filesize
1.2MB

MD5
e73641e61e64beffe9832d2080d8f6ff

SHA1
dd3745a7947b895a07ea5fe260ec97425bd8068a

SHA256
a3285062a3115246f0de68859ba208ebc520ff1db8d551ac3ba41b63119c613c

SHA512
b4723728593b2a4a29d0b05f5ad5331393f587ed938ace71bf425c7c98c1a7d4b5d7956f96c529c1f5b5d4d0b23b3b1f46d3f4fc9b3811772d75ce489296e0ac

Download Submit
\Users\Admin\AppData\Local\Temp\c68dfcad7d24f5dfb30b2eb149ed7d7e.exe

Filesize
1.3MB

MD5
26a69fcd8ce83db0736009491a1bc768

SHA1
4ba435ca2718152cec6367143789eed7ccfcc6c6

SHA256
818e11065e29f7feaa48310e01fb5da8698d153fd926b22f93592cc6f3492bf7

SHA512
4621a30ef846b5cb7bba4a82b565f61375fade3bf5a93c7b66b96fa3a4b5dbbe888fb313587a0a17526e1476f12f5aa52d87fdf13ad28019e4ecfafd9b079e2b

Download Submit
memory/1760-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1760-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1760-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1760-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2528-15-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2528-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2528-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2528-23-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2528-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2528-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download