4b228826b48d7df73593874662ae2fe84ae90a739d6dce21700f69ace9f88b35

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 02:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca43a44ce6383427ed75dbdfee0a3bda.exe
Size

3.9MB
MD5

ca43a44ce6383427ed75dbdfee0a3bda
SHA1

f7276d83ced99f9d4c12d20c2ea56c9d0287003e
SHA256

4b228826b48d7df73593874662ae2fe84ae90a739d6dce21700f69ace9f88b35
SHA512

7b56f79deedd10529a9eb84eeaa0ce64e06e7e57f5e846c7222f1d6476f6d51860e784e39a908652fa51cac1400e9d5220e420c121700ca118de36dc471448f9
SSDEEP

98304:gW7CofVMAgg3gnl/IVUt4pJWzZtIygg3gnl/IVUV:F7NV5gl/iwgWttJgl/iG

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2540	ca43a44ce6383427ed75dbdfee0a3bda.exe

Executes dropped EXE 1 IoCs

pid	Process
2540	ca43a44ce6383427ed75dbdfee0a3bda.exe

Loads dropped DLL 1 IoCs

pid	Process
2312	ca43a44ce6383427ed75dbdfee0a3bda.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2312-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001225f-10.dat	upx
behavioral1/files/0x000800000001225f-12.dat	upx
behavioral1/files/0x000800000001225f-13.dat	upx
behavioral1/memory/2540-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2312	ca43a44ce6383427ed75dbdfee0a3bda.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2312	ca43a44ce6383427ed75dbdfee0a3bda.exe
2540	ca43a44ce6383427ed75dbdfee0a3bda.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2540	2312	ca43a44ce6383427ed75dbdfee0a3bda.exe	28
PID 2312 wrote to memory of 2540	2312	ca43a44ce6383427ed75dbdfee0a3bda.exe	28
PID 2312 wrote to memory of 2540	2312	ca43a44ce6383427ed75dbdfee0a3bda.exe	28
PID 2312 wrote to memory of 2540	2312	ca43a44ce6383427ed75dbdfee0a3bda.exe	28

C:\Users\Admin\AppData\Local\Temp\ca43a44ce6383427ed75dbdfee0a3bda.exe
"C:\Users\Admin\AppData\Local\Temp\ca43a44ce6383427ed75dbdfee0a3bda.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Users\Admin\AppData\Local\Temp\ca43a44ce6383427ed75dbdfee0a3bda.exe
  C:\Users\Admin\AppData\Local\Temp\ca43a44ce6383427ed75dbdfee0a3bda.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ca43a44ce6383427ed75dbdfee0a3bda.exe

Filesize
1.5MB

MD5
fd98d71675abd185b49b7e3ca6786082

SHA1
75be964e03ab6470d3a30977d0c86b36c0da029a

SHA256
511a1c205acb6b64248127b08e72592bf3e9b0c6c23af5f3186472a406bc17a4

SHA512
deff4a2c52d2cf037f58b2f841b6c5d01bf975638b618702fcf3390bb41804e92512756462719d3de51c265b75f136c273ba95d819711df1367d77b05d58ce9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ca43a44ce6383427ed75dbdfee0a3bda.exe

Filesize
1.1MB

MD5
2e078498ac6c9b04422e126e864dd1b0

SHA1
776f06f39c814d86f3cb9f20e8a1c6db66c75fba

SHA256
8a266b9403a9d3a11e601f061ed5ecd54382cfa60c4f7faf7435f90d67451bdb

SHA512
ff49c0226c267cb4a536ab5bfbe835301151a86287f99c5b82e3fddb2ff004f1446dadd829fbbcb45dd1fb337f51f09985de655396940fc376b1bf703c618f4e

Download Submit
\Users\Admin\AppData\Local\Temp\ca43a44ce6383427ed75dbdfee0a3bda.exe

Filesize
1.6MB

MD5
dd444013fe39f76f359201e4ae4f9316

SHA1
6b43379bbf93bb3082286f446b453d9e0e97d65c

SHA256
636576e72b096c38cede4ca78bcfdea0d948e6040caa061f215c91a6f4336b57

SHA512
c0010cdd0fa0e9f38ba3fdd04b8f1be73bb2e64ed6a2c6d25deea4d910d641e4ee9cb3dd062e0f4745d19dae6fd494082dd342c29508177f476682bd5db462e1

Download Submit
memory/2312-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2312-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2312-15-0x00000000038B0000-0x0000000003D9F000-memory.dmp

Filesize
4.9MB

Download
memory/2312-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2312-6-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2312-31-0x00000000038B0000-0x0000000003D9F000-memory.dmp

Filesize
4.9MB

Download
memory/2540-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2540-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2540-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2540-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2540-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2540-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download