67074c18979a307e2ca95a1430282b971c5cb84379d8c19fe5e9c4c27ffe778a

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 18:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c6a0fba89b684b04b551cf2752dfb3b7.exe
Size

5.3MB
MD5

c6a0fba89b684b04b551cf2752dfb3b7
SHA1

f3838168546afcdb4c6da013f1740f98d3478471
SHA256

67074c18979a307e2ca95a1430282b971c5cb84379d8c19fe5e9c4c27ffe778a
SHA512

7aab7bf1994f2fd077ce2af4bf695e3baca53aabefb6aa4292b58ed9bb184ef6f97d39f69bce757464c80897e1d6d338210f6b9cdba30609bea6be8c7342ba4c
SSDEEP

98304:ehWqoUp3b9qhPkZcm3rfZNHdyA9A06iVaaVIJSH8kUEneP+3MEeSsa2rHdyA9A03:LCfjnZN9yEBhV1xRUWePHEeSi9yEBhVr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2504	c6a0fba89b684b04b551cf2752dfb3b7.exe

Executes dropped EXE 1 IoCs

pid	Process
2504	c6a0fba89b684b04b551cf2752dfb3b7.exe

Loads dropped DLL 1 IoCs

pid	Process
1640	c6a0fba89b684b04b551cf2752dfb3b7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1640-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0009000000015c9a-10.dat	upx
behavioral1/files/0x0009000000015c9a-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1640	c6a0fba89b684b04b551cf2752dfb3b7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1640	c6a0fba89b684b04b551cf2752dfb3b7.exe
2504	c6a0fba89b684b04b551cf2752dfb3b7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 2504	1640	c6a0fba89b684b04b551cf2752dfb3b7.exe	28
PID 1640 wrote to memory of 2504	1640	c6a0fba89b684b04b551cf2752dfb3b7.exe	28
PID 1640 wrote to memory of 2504	1640	c6a0fba89b684b04b551cf2752dfb3b7.exe	28
PID 1640 wrote to memory of 2504	1640	c6a0fba89b684b04b551cf2752dfb3b7.exe	28

C:\Users\Admin\AppData\Local\Temp\c6a0fba89b684b04b551cf2752dfb3b7.exe
"C:\Users\Admin\AppData\Local\Temp\c6a0fba89b684b04b551cf2752dfb3b7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Users\Admin\AppData\Local\Temp\c6a0fba89b684b04b551cf2752dfb3b7.exe
  C:\Users\Admin\AppData\Local\Temp\c6a0fba89b684b04b551cf2752dfb3b7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c6a0fba89b684b04b551cf2752dfb3b7.exe

Filesize
537KB

MD5
ab16ba713b43d1ea08acab2acc64783a

SHA1
94d7544e52e4c8e2cc61e856a0f59900082d541e

SHA256
3baf53c6b581b4e75c2bdec8bd97579552c0eccbab26d6feb742356666bc09cb

SHA512
79c05969139e4164d9ad7591408b7baf9062920fae93d767159e737202b62c71370c8168cc7dcdcf905ef20e957d8a5bcc65fd2fdc69dad2f03c2b053b1c6999

Download Submit
\Users\Admin\AppData\Local\Temp\c6a0fba89b684b04b551cf2752dfb3b7.exe

Filesize
912KB

MD5
ddbfe271f38d660fb1248636f0481c57

SHA1
159112a9e770b15a36232c6e0874590d5590b8ae

SHA256
9d3e36e50ddc9c63687f767a8ee389c122906ca1665c669a679d319f0ab15b9d

SHA512
64ceb8ca02f84491d94fb2716dc72cc083ad559e874c659cccb404abc8a30f96ac878a77ec7ff9eed5b34fcd277764b22b150618ec9c6e4b3e541568399f6c49

Download Submit
memory/1640-16-0x0000000003D90000-0x0000000004277000-memory.dmp

Filesize
4.9MB

Download
memory/1640-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1640-1-0x0000000000270000-0x00000000003A1000-memory.dmp

Filesize
1.2MB

Download
memory/1640-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1640-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2504-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2504-19-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2504-21-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2504-25-0x0000000003580000-0x00000000037A2000-memory.dmp

Filesize
2.1MB

Download
memory/2504-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2504-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download