9e08f9ee6cbef032aadfd5e3030d7df872b18056f43b43ca1482f4f7289eae43

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 10:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c874314b4d1a8fcbbf4abb2e3eaf5469.exe
Size

1.3MB
MD5

c874314b4d1a8fcbbf4abb2e3eaf5469
SHA1

5e81d857f2f5d7bb041bbd966375572ddc819400
SHA256

9e08f9ee6cbef032aadfd5e3030d7df872b18056f43b43ca1482f4f7289eae43
SHA512

e0efd64664a78b691b85aee57a515c5e2d766d58a0a728b79ae4e9ea686cef8dd83d98ceee4f337c9f180db705cdcde65184243e5cc7c1f0f3f8b75dfffd750e
SSDEEP

24576:5hHhCzH8pd3lpdKLPWUbvBen+qrFqmKjSVFHV+J83o/fU9/9Us:5focn1pdKLOIvkn+QY3j89V+exR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3036	c874314b4d1a8fcbbf4abb2e3eaf5469.exe

Executes dropped EXE 1 IoCs

pid	Process
3036	c874314b4d1a8fcbbf4abb2e3eaf5469.exe

Loads dropped DLL 1 IoCs

pid	Process
2372	c874314b4d1a8fcbbf4abb2e3eaf5469.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2372-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c000000012320-13.dat	upx
behavioral1/files/0x000c000000012320-12.dat	upx
behavioral1/files/0x000c000000012320-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2372	c874314b4d1a8fcbbf4abb2e3eaf5469.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2372	c874314b4d1a8fcbbf4abb2e3eaf5469.exe
3036	c874314b4d1a8fcbbf4abb2e3eaf5469.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3036	2372	c874314b4d1a8fcbbf4abb2e3eaf5469.exe	28
PID 2372 wrote to memory of 3036	2372	c874314b4d1a8fcbbf4abb2e3eaf5469.exe	28
PID 2372 wrote to memory of 3036	2372	c874314b4d1a8fcbbf4abb2e3eaf5469.exe	28
PID 2372 wrote to memory of 3036	2372	c874314b4d1a8fcbbf4abb2e3eaf5469.exe	28

C:\Users\Admin\AppData\Local\Temp\c874314b4d1a8fcbbf4abb2e3eaf5469.exe
"C:\Users\Admin\AppData\Local\Temp\c874314b4d1a8fcbbf4abb2e3eaf5469.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Users\Admin\AppData\Local\Temp\c874314b4d1a8fcbbf4abb2e3eaf5469.exe
  C:\Users\Admin\AppData\Local\Temp\c874314b4d1a8fcbbf4abb2e3eaf5469.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c874314b4d1a8fcbbf4abb2e3eaf5469.exe

Filesize
504KB

MD5
0ff7430056f3d485bec4f364c0979c0e

SHA1
3a05a75ad6f3895700b72b009af6addc7b226842

SHA256
cf8393e411dadbc6df807d27ab3ffa62bd4d2e751a4494b84a530d48df0be64a

SHA512
0babb9ff9efb13aa2d3fd03965b8cab64f7462aed79f590903a6327e08f5f7975009a2a65a9dcb67ea4e50df494e9267902d81909fcbfa099de950063d5372b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\c874314b4d1a8fcbbf4abb2e3eaf5469.exe

Filesize
628KB

MD5
65c3a74c14a952fa47b8d59ee32e02fd

SHA1
423b32ca96557f0033748978dcade7a6b2b0d9d2

SHA256
4f1b36622a297be82af52f05850b03d8c20c8946af40e41607909ef4c03d1aad

SHA512
51bcdf3ab7bd2c48bed0d7e26de1d3ab2b8cd890b36262e87447d4415143af69c9c33bf3347367195aedbf3e56e6c94d99fccd17d8785f55014cefe3b99dc055

Download Submit
\Users\Admin\AppData\Local\Temp\c874314b4d1a8fcbbf4abb2e3eaf5469.exe

Filesize
575KB

MD5
22c6af2cfe5b53d58b0830a13b88a47b

SHA1
6465ad54abd9a686f5d07a938185d814868d4cfa

SHA256
36bbd6c08d33bef9d885020d27398e8a6d4b709c79dee9326da8392797909e91

SHA512
9f0a942b60e2acc6c2ab6e742cc323f9b68c561f35fd21962b1ed46ad758616656acbb0d648c3e175f49d2aa901ca6e6ff37a89eb2dbe8c4978d9d58022e8ed3

Download Submit
memory/2372-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2372-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2372-15-0x0000000003610000-0x0000000003AF7000-memory.dmp

Filesize
4.9MB

Download
memory/2372-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2372-31-0x0000000003610000-0x0000000003AF7000-memory.dmp

Filesize
4.9MB

Download
memory/2372-2-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/3036-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/3036-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3036-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3036-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/3036-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3036-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download