1a958969cf991aa8fc1f3f2f304209a2eced807d54ade98aff2509efdc2a82d8

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 18:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c6a0f83ab0d4a1b21ead87eb97f4be35.exe
Size

11.7MB
MD5

c6a0f83ab0d4a1b21ead87eb97f4be35
SHA1

12ef6d8e84f983be75a6b5556801621c6c9b0b3e
SHA256

1a958969cf991aa8fc1f3f2f304209a2eced807d54ade98aff2509efdc2a82d8
SHA512

1da78e89a2d710fbe2d2fc9cab57e156a245e88a7e2a86d2c4ad46f1d72751ec91e1fb50c1873e72748a3c7cdc86f867a518ba15e28ba5cb6c77f01fcc6004c1
SSDEEP

196608:hRbqHKwZvNgbCyrlMR55wZvNgbcJrQnzMwZvNgbCyrlMR55wZvNgb:6HRUb/mCUbRUb/mCUb

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2028	c6a0f83ab0d4a1b21ead87eb97f4be35.exe

Executes dropped EXE 1 IoCs

pid	Process
2028	c6a0f83ab0d4a1b21ead87eb97f4be35.exe

Loads dropped DLL 1 IoCs

pid	Process
2960	c6a0f83ab0d4a1b21ead87eb97f4be35.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2960-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000133a4-10.dat	upx
behavioral1/files/0x000c0000000133a4-14.dat	upx
behavioral1/memory/2028-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2960	c6a0f83ab0d4a1b21ead87eb97f4be35.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2960	c6a0f83ab0d4a1b21ead87eb97f4be35.exe
2028	c6a0f83ab0d4a1b21ead87eb97f4be35.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 2028	2960	c6a0f83ab0d4a1b21ead87eb97f4be35.exe	28
PID 2960 wrote to memory of 2028	2960	c6a0f83ab0d4a1b21ead87eb97f4be35.exe	28
PID 2960 wrote to memory of 2028	2960	c6a0f83ab0d4a1b21ead87eb97f4be35.exe	28
PID 2960 wrote to memory of 2028	2960	c6a0f83ab0d4a1b21ead87eb97f4be35.exe	28

C:\Users\Admin\AppData\Local\Temp\c6a0f83ab0d4a1b21ead87eb97f4be35.exe
"C:\Users\Admin\AppData\Local\Temp\c6a0f83ab0d4a1b21ead87eb97f4be35.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Users\Admin\AppData\Local\Temp\c6a0f83ab0d4a1b21ead87eb97f4be35.exe
  C:\Users\Admin\AppData\Local\Temp\c6a0f83ab0d4a1b21ead87eb97f4be35.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c6a0f83ab0d4a1b21ead87eb97f4be35.exe

Filesize
1.1MB

MD5
3c8160b8e5489ae691555ac041fb98c3

SHA1
01e14526f8b9f27a67c24a9d6f2166aa95356471

SHA256
ff58773d6155a3794d151af25fd86b665c07639ec4a3126466868b863e973deb

SHA512
46b8d95b108ba651054b90efab8b9134601b0eb7d7d4ad0e0386c551723a6026f86ff90d4d186a17bedbca459cacec7caf8ebc178aa5e7e3b93af8dd88cfd4dc

Download Submit
\Users\Admin\AppData\Local\Temp\c6a0f83ab0d4a1b21ead87eb97f4be35.exe

Filesize
2.6MB

MD5
29e611237fb9056c00c06bba84befe50

SHA1
9663b78b0bc330722fd2ae70c1cc4cd91856a3e5

SHA256
c77eb3e2d537dd3172dab339e93758a8ed5ead9921f04525f79d4095875fd334

SHA512
99f287f4472e2e7d79a119a0919bd00208ba09cf5cd614163c68ee6fa8b66397a290bb5d214f80134abaaf78a426c85f920005558e7d65717eb8fa6ff376882e

Download Submit
memory/2028-17-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2028-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2028-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2028-24-0x00000000033F0000-0x000000000361A000-memory.dmp

Filesize
2.2MB

Download
memory/2028-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2028-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2960-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2960-13-0x0000000004970000-0x0000000004E5F000-memory.dmp

Filesize
4.9MB

Download
memory/2960-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2960-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2960-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download