a2d3dafe63393fc54a330e3bbd72a242c793e7b5398e2df19e8abaca5739f42f

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 17:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c92953acb677741ecedd4bd65a2017fe.exe
Size

10.7MB
MD5

c92953acb677741ecedd4bd65a2017fe
SHA1

7f997c71eaac775a9f8d5c28523b227df19742d9
SHA256

a2d3dafe63393fc54a330e3bbd72a242c793e7b5398e2df19e8abaca5739f42f
SHA512

424f3807893f894b0a672c3039af730f45c9f045478b1ba88d5c57e0c733beb19d9bad1afaea347251fbe27861852110820bf66758d786a84329a85ef397f7be
SSDEEP

196608:LNqOh53XV98CtpJcuxV98CtpMiLiRM0llYaV98CtpJcuxV98Ctp:5h5VHiuTHnibfYcHiuTH

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1192	c92953acb677741ecedd4bd65a2017fe.exe

Executes dropped EXE 1 IoCs

pid	Process
1192	c92953acb677741ecedd4bd65a2017fe.exe

Loads dropped DLL 1 IoCs

pid	Process
2128	c92953acb677741ecedd4bd65a2017fe.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2128-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x00080000000122cd-11.dat	upx
behavioral1/memory/1192-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x00080000000122cd-16.dat	upx
behavioral1/files/0x00080000000122cd-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2128	c92953acb677741ecedd4bd65a2017fe.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2128	c92953acb677741ecedd4bd65a2017fe.exe
1192	c92953acb677741ecedd4bd65a2017fe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 1192	2128	c92953acb677741ecedd4bd65a2017fe.exe	28
PID 2128 wrote to memory of 1192	2128	c92953acb677741ecedd4bd65a2017fe.exe	28
PID 2128 wrote to memory of 1192	2128	c92953acb677741ecedd4bd65a2017fe.exe	28
PID 2128 wrote to memory of 1192	2128	c92953acb677741ecedd4bd65a2017fe.exe	28

C:\Users\Admin\AppData\Local\Temp\c92953acb677741ecedd4bd65a2017fe.exe
"C:\Users\Admin\AppData\Local\Temp\c92953acb677741ecedd4bd65a2017fe.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\c92953acb677741ecedd4bd65a2017fe.exe
  C:\Users\Admin\AppData\Local\Temp\c92953acb677741ecedd4bd65a2017fe.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c92953acb677741ecedd4bd65a2017fe.exe

Filesize
8.8MB

MD5
507dca6d9972dc17a069e64b20eca039

SHA1
a84511cff39978a4c98d9fa0766ad6bdaa5d6028

SHA256
180377133e2fe78c82e3557f4557e7f32805cc7be74758a93e38178d153888e2

SHA512
0195c81cc1cbabbca97afaa7ae8e0a6104b4da157fb18b255a40cf4cf24994fb9b8b9e73d3d762caa65a8ced07e0b1c3e079bdce4e13f8c48e6a1eeb2bb35d85

Download Submit
C:\Users\Admin\AppData\Local\Temp\c92953acb677741ecedd4bd65a2017fe.exe

Filesize
6.6MB

MD5
51b1b2a952fb3d7ad899dc254c414256

SHA1
ec446035147d7849971457f45a17dcb7472c9b3f

SHA256
f71a40b92a0a364e6fc2ff97c3cbe2731c38b52f2c7884e6da3ee459b087ecf9

SHA512
d4a3d7208c112b738642fbd60e88b0a7f1390a8f3b529431dbef58371c0fca7d823872846d3ca50e27702f8676f6ad4fe4fa182a53662b0b4c19a1262cea3502

Download Submit
\Users\Admin\AppData\Local\Temp\c92953acb677741ecedd4bd65a2017fe.exe

Filesize
64KB

MD5
dedada1bde08f0e48f41aba30c2a93f0

SHA1
193273ae332adaff62a8c16c0e14a8e8aa19c826

SHA256
9d9223dcc5b43a74ea21f5af722218af5b99871adf061ebb730104f82b53d86d

SHA512
48a57c344f1dc663a448e4c865ddd45bcec7828ffc8c54f89c817c3343b583e5a231d44cbea19cb88f5d1bb8bf114ee09a1a0c20f7252e0f23b634a8dd26de2c

Download Submit
memory/1192-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1192-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1192-19-0x0000000000240000-0x0000000000352000-memory.dmp

Filesize
1.1MB

Download
memory/1192-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2128-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2128-7-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2128-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2128-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2128-14-0x00000000046A0000-0x0000000004B0A000-memory.dmp

Filesize
4.4MB

Download