5bee246dcd6cfe83c1953bf2eefd8bfeb4fa2f50bb03da1fc8d2ed4e87ac25d4

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c928e32313414b7dc38a622b9f937e43.exe
Size

2.7MB
MD5

c928e32313414b7dc38a622b9f937e43
SHA1

99d2077a567affbceec8da3bd959a8056f87a6bb
SHA256

5bee246dcd6cfe83c1953bf2eefd8bfeb4fa2f50bb03da1fc8d2ed4e87ac25d4
SHA512

55cbbad57a27338cc682dc429b0ed9708f21b7958e1dda71bc7bba600d8c78020ba31029228e04da4f6d15678702d08ad989d260c5f4e96b669f179da649160c
SSDEEP

49152:Jwd0yrpECWaIS/mSSYUScw7XcR1VHZjwOkieV:Wr6a0S7DcwrcHVrE

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2896	c928e32313414b7dc38a622b9f937e43.exe

Executes dropped EXE 1 IoCs

pid	Process
2896	c928e32313414b7dc38a622b9f937e43.exe

Loads dropped DLL 1 IoCs

pid	Process
2804	c928e32313414b7dc38a622b9f937e43.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2804-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000d00000001224c-11.dat	upx
behavioral1/files/0x000d00000001224c-15.dat	upx
behavioral1/memory/2804-16-0x00000000037D0000-0x0000000003C3A000-memory.dmp	upx
behavioral1/memory/2896-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2804	c928e32313414b7dc38a622b9f937e43.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2804	c928e32313414b7dc38a622b9f937e43.exe
2896	c928e32313414b7dc38a622b9f937e43.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2804 wrote to memory of 2896	2804	c928e32313414b7dc38a622b9f937e43.exe	28
PID 2804 wrote to memory of 2896	2804	c928e32313414b7dc38a622b9f937e43.exe	28
PID 2804 wrote to memory of 2896	2804	c928e32313414b7dc38a622b9f937e43.exe	28
PID 2804 wrote to memory of 2896	2804	c928e32313414b7dc38a622b9f937e43.exe	28

C:\Users\Admin\AppData\Local\Temp\c928e32313414b7dc38a622b9f937e43.exe
"C:\Users\Admin\AppData\Local\Temp\c928e32313414b7dc38a622b9f937e43.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2804
- C:\Users\Admin\AppData\Local\Temp\c928e32313414b7dc38a622b9f937e43.exe
  C:\Users\Admin\AppData\Local\Temp\c928e32313414b7dc38a622b9f937e43.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c928e32313414b7dc38a622b9f937e43.exe

Filesize
237KB

MD5
f3d06801947a234934aa2cdaede74c7a

SHA1
8ba02ae50b2ebaaf881d9cccd3bb3f3d07dabade

SHA256
66539a1bbcc1fc8da2e8d6bf1e4c3b5316fcce5ed74216eefe7bb61f409061e7

SHA512
e3cd3e97569fef96c038098c8023e8c18a1ded326ff34e43aae45600300516b551d83c91239b1acbb3a001e64a98e3c2129435d61f16f92969429e6680814bdb

Download Submit
\Users\Admin\AppData\Local\Temp\c928e32313414b7dc38a622b9f937e43.exe

Filesize
587KB

MD5
abf8a7c6896c5a4d0f6d65f79dc096e5

SHA1
2c8ebd43517851c40615653261e38e4f6fc755b8

SHA256
2a81d5a86dac776f014f05b489bd0db1bf9985326d92dab1e8ff44f009855099

SHA512
004d12eb99c28693e1ef1add313be680c31d496906f3451843467a0185bc883c08b524d8a82a271fd0d2a45c193e200fb4a5646b47ffa56a88cfc73481c8fafe

Download Submit
memory/2804-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2804-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2804-2-0x00000000002A0000-0x00000000003B2000-memory.dmp

Filesize
1.1MB

Download
memory/2804-16-0x00000000037D0000-0x0000000003C3A000-memory.dmp

Filesize
4.4MB

Download
memory/2804-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2804-26-0x00000000037D0000-0x0000000003C3A000-memory.dmp

Filesize
4.4MB

Download
memory/2896-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2896-19-0x0000000000290000-0x00000000003A2000-memory.dmp

Filesize
1.1MB

Download
memory/2896-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2896-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download