38051aa465dd8fe7034a47e130541065bd35f8fb222813e49cd5bb8de829d0b8

Analysis

max time kernel
119s
max time network
136s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c97d768a35ad16db4113ffe661f87b9b.exe
Size

1.5MB
MD5

c97d768a35ad16db4113ffe661f87b9b
SHA1

d678e1114f3c4cb929001b6e54553bf00e524cda
SHA256

38051aa465dd8fe7034a47e130541065bd35f8fb222813e49cd5bb8de829d0b8
SHA512

a8d017da952fc248fb02fb278a6d46a8c1b1c33d2eec62ef5f437e3be53f74413c8da37e31ea402a4c9ca25a9561c4049cdd3b771b921ec307049f0f3498da67
SSDEEP

24576:StAfrvoQUjwfWZRtWVe/bwZI1v2MuB6ZfU0psZNfOI/ylGO0Y6czoCW:StAfsQlfWZGVOQI1XuB6dUYsjp/ylGOr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2588	c97d768a35ad16db4113ffe661f87b9b.exe

Executes dropped EXE 1 IoCs

pid	Process
2588	c97d768a35ad16db4113ffe661f87b9b.exe

Loads dropped DLL 1 IoCs

pid	Process
2084	c97d768a35ad16db4113ffe661f87b9b.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2084-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012233-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2084	c97d768a35ad16db4113ffe661f87b9b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2084	c97d768a35ad16db4113ffe661f87b9b.exe
2588	c97d768a35ad16db4113ffe661f87b9b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2588	2084	c97d768a35ad16db4113ffe661f87b9b.exe	28
PID 2084 wrote to memory of 2588	2084	c97d768a35ad16db4113ffe661f87b9b.exe	28
PID 2084 wrote to memory of 2588	2084	c97d768a35ad16db4113ffe661f87b9b.exe	28
PID 2084 wrote to memory of 2588	2084	c97d768a35ad16db4113ffe661f87b9b.exe	28

C:\Users\Admin\AppData\Local\Temp\c97d768a35ad16db4113ffe661f87b9b.exe
"C:\Users\Admin\AppData\Local\Temp\c97d768a35ad16db4113ffe661f87b9b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\c97d768a35ad16db4113ffe661f87b9b.exe
  C:\Users\Admin\AppData\Local\Temp\c97d768a35ad16db4113ffe661f87b9b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c97d768a35ad16db4113ffe661f87b9b.exe

Filesize
1.5MB

MD5
e26c68b57d7cd1d57916cab6e6e66705

SHA1
963de93e6c1805c2fb1a58df17ba750da7f59020

SHA256
268f2b36cab6f374a68fd59175da822b355fda3b6b20fbb82eac0d2db3014a7f

SHA512
c4b77df8655bf2bc94787121483fdb12fdec9d4f1f17c59171538132699770ed9a19cd732d1a6121ee1c9b0a554dd5fa3563310e06fc9d550bd42765288c03a4

Download Submit
memory/2084-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2084-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2084-4-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2084-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2084-15-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2084-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2588-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2588-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2588-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2588-24-0x0000000003550000-0x000000000377A000-memory.dmp

Filesize
2.2MB

Download
memory/2588-18-0x00000000002C0000-0x00000000003F3000-memory.dmp

Filesize
1.2MB

Download
memory/2588-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download