13d95ba4c0b1bc0e8d76ce667065ea3d2c0217f601ead878fc31a1119a9045da

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7535146451d9d744e2807c6d5264675.exe
Size

2.9MB
MD5

c7535146451d9d744e2807c6d5264675
SHA1

e802afc3b9694d183b2921b3aba438e4944847b0
SHA256

13d95ba4c0b1bc0e8d76ce667065ea3d2c0217f601ead878fc31a1119a9045da
SHA512

55f07162d54b30958606c3f83a10653a8be78ce21196b8f6522d3642e25f3be57c98d8e862443cfbf859dbc4308c0e2927607888a80a3e6ae21c109770d2f3e5
SSDEEP

49152:elIrh3oZD2vS2y/OznAqGzE2N/5tLN74NH5HUyNRcUsCVOzetdZJ:eq1nvSSEqv2N/zL4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2512	c7535146451d9d744e2807c6d5264675.exe

Executes dropped EXE 1 IoCs

pid	Process
2512	c7535146451d9d744e2807c6d5264675.exe

Loads dropped DLL 1 IoCs

pid	Process
2156	c7535146451d9d744e2807c6d5264675.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012252-13.dat	upx
behavioral1/files/0x0009000000012252-12.dat	upx
behavioral1/files/0x0009000000012252-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2156	c7535146451d9d744e2807c6d5264675.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2156	c7535146451d9d744e2807c6d5264675.exe
2512	c7535146451d9d744e2807c6d5264675.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2512	2156	c7535146451d9d744e2807c6d5264675.exe	28
PID 2156 wrote to memory of 2512	2156	c7535146451d9d744e2807c6d5264675.exe	28
PID 2156 wrote to memory of 2512	2156	c7535146451d9d744e2807c6d5264675.exe	28
PID 2156 wrote to memory of 2512	2156	c7535146451d9d744e2807c6d5264675.exe	28

C:\Users\Admin\AppData\Local\Temp\c7535146451d9d744e2807c6d5264675.exe
"C:\Users\Admin\AppData\Local\Temp\c7535146451d9d744e2807c6d5264675.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\c7535146451d9d744e2807c6d5264675.exe
  C:\Users\Admin\AppData\Local\Temp\c7535146451d9d744e2807c6d5264675.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c7535146451d9d744e2807c6d5264675.exe

Filesize
443KB

MD5
0b1a6069c8f848c9b1b59efeb480119b

SHA1
86baea59f580e0d5dae9cfbae32c2be1cf3eee67

SHA256
c4349a3f514fdd6f72e2c16e1f7354475c3939d1967362c6ad048657c626a8f2

SHA512
d8dbffaed12511db3c01582c2625083a650922b61055ddf027fa2430a14afa89fa3921cfd53013422c9617b4b43a4ab1167a84d0385204cdd0e5ba0b907eae48

Download Submit
C:\Users\Admin\AppData\Local\Temp\c7535146451d9d744e2807c6d5264675.exe

Filesize
280KB

MD5
c7a97ecbf54cd34d3c00685672758dea

SHA1
9eb1fac629e6fff12c729db7298d28fd55a22dbe

SHA256
e8b3eaff8a06fda8c6209afd86f3c2b1666144470593c100df5da4f73adf363c

SHA512
5abf4845493647174c6846deab13b589744e2ed515d9d1b091d55546712dd76fa15076c8fb9bd988b8ad831ab26501b112b8ca194fe7c7d0348baea9a446245c

Download Submit
\Users\Admin\AppData\Local\Temp\c7535146451d9d744e2807c6d5264675.exe

Filesize
672KB

MD5
68926d91115cd49a0e8d7a1b530b4289

SHA1
b312fdd25597b17eb7852b0c1cd9493ff0f8f29d

SHA256
6cfc1742a8a0ada9eb36c3882556f86332929c92ee9706a91063a5b40dfa295f

SHA512
1188ece1af2b6474995e5c1aa61affeaecc0da8fde9f8958260da3a8eb5e3195b805d5715b13160fb7594179a3db3ef6b9288f17cc474819ccbacafe63d98574

Download Submit
memory/2156-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2156-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2156-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2156-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2512-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2512-16-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2512-23-0x0000000003430000-0x000000000365A000-memory.dmp

Filesize
2.2MB

Download
memory/2512-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2512-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2512-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download