f275e6e3ff829cd2b588139359501693b3c854ea691a0d4833cb3786b3b4011d

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca30cae584cd5c929c724644fdb937a0.exe
Size

5.8MB
MD5

ca30cae584cd5c929c724644fdb937a0
SHA1

838bdeda748340a92c028b8fbf74f06a4a945e26
SHA256

f275e6e3ff829cd2b588139359501693b3c854ea691a0d4833cb3786b3b4011d
SHA512

e01149a5d3fea06185864bee6f5e9736063fc4444917f04cb1ac93e9d67567e50639459ded4f9a92a88bc47db0792d779a4e5addec9ab16b39d08ad1ea6a6564
SSDEEP

98304:PAUsibXe3Wgf4HBUCczzM3AL4WSoJM14HBUCczzM3:IA2WgwWCbWSoWOWC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1384	ca30cae584cd5c929c724644fdb937a0.exe

Executes dropped EXE 1 IoCs

pid	Process
1384	ca30cae584cd5c929c724644fdb937a0.exe

Loads dropped DLL 1 IoCs

pid	Process
1252	ca30cae584cd5c929c724644fdb937a0.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1252-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001224c-10.dat	upx
behavioral1/memory/1252-14-0x0000000003F30000-0x000000000441F000-memory.dmp	upx
behavioral1/memory/1384-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001224c-12.dat	upx
behavioral1/files/0x000b00000001224c-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1252	ca30cae584cd5c929c724644fdb937a0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1252	ca30cae584cd5c929c724644fdb937a0.exe
1384	ca30cae584cd5c929c724644fdb937a0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 1384	1252	ca30cae584cd5c929c724644fdb937a0.exe	28
PID 1252 wrote to memory of 1384	1252	ca30cae584cd5c929c724644fdb937a0.exe	28
PID 1252 wrote to memory of 1384	1252	ca30cae584cd5c929c724644fdb937a0.exe	28
PID 1252 wrote to memory of 1384	1252	ca30cae584cd5c929c724644fdb937a0.exe	28

C:\Users\Admin\AppData\Local\Temp\ca30cae584cd5c929c724644fdb937a0.exe
"C:\Users\Admin\AppData\Local\Temp\ca30cae584cd5c929c724644fdb937a0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Users\Admin\AppData\Local\Temp\ca30cae584cd5c929c724644fdb937a0.exe
  C:\Users\Admin\AppData\Local\Temp\ca30cae584cd5c929c724644fdb937a0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ca30cae584cd5c929c724644fdb937a0.exe

Filesize
42KB

MD5
68f0bb525da05d2c742eab00a3279689

SHA1
56db54b2d4568606740b684e09205ed74bd4d618

SHA256
137c3a445cc9208ac73fbf1b13c07e2b4efcb89ad61180e4b3e823713f7b8ba9

SHA512
a0e2fc35d3bb2cabe399362d9110fbd71e07af1628c6bdf185ba2bafe2ab967448cbaf197a78388791a03f75dad11a7c486a993531f6a1d263b924d8a066fb08

Download Submit
C:\Users\Admin\AppData\Local\Temp\ca30cae584cd5c929c724644fdb937a0.exe

Filesize
1.3MB

MD5
30b3f53585a37ec1ce68cc16a4cffab2

SHA1
37fea42e6e662c91d7901e5a77f9896eb9fc8155

SHA256
e4e01ea5aedf3c330c7396ea22684cfe4831892f5c0d1782607517eba390af6d

SHA512
14699d25652ec508ee0c99f448d196828fd5a614e340932ccdf8095e5cbfe52dffec12c931a601376821f09f8ca4de54ba9b76c1255b987ff4719c4df0a49f70

Download Submit
\Users\Admin\AppData\Local\Temp\ca30cae584cd5c929c724644fdb937a0.exe

Filesize
186KB

MD5
2d543bf511297b6109f62102cb4ccad1

SHA1
12b52ee0758a27cb7c7ea8c40ecc898ed497ff2d

SHA256
54628cecf236848f1f60d60904f434fc69b4de26285892de2e8018f6da6c4ec7

SHA512
93901c4fbbb3a1358634be494bc429c8ed6a0f06c9a977c92e6a5eeee76fa8899e6c1e6269c80f2a0ae2b902bd39ab492fd87e2fa402c67bbd7221d65786eeca

Download Submit
memory/1252-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1252-2-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1252-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1252-14-0x0000000003F30000-0x000000000441F000-memory.dmp

Filesize
4.9MB

Download
memory/1252-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1384-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1384-18-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/1384-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1384-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1384-24-0x00000000032D0000-0x00000000034FA000-memory.dmp

Filesize
2.2MB

Download
memory/1384-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download