07f600b2993efd8d3926d5f1ec83b05c81d6bfefffdeac8a55170bf03efddb5a

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca8a797cf29c368c792cfaecc8264722.exe
Size

2.9MB
MD5

ca8a797cf29c368c792cfaecc8264722
SHA1

6d64043f5be5b1a066ac866dd2a3838373f4501f
SHA256

07f600b2993efd8d3926d5f1ec83b05c81d6bfefffdeac8a55170bf03efddb5a
SHA512

10775a69eaad274a29e88269714e861de7b0cbfa790ceacec37a4c3304c933f9d740f6f5e4a3086b992670391ba25f6af5a47a42378886b15fbc9ca6df7228da
SSDEEP

49152:8TdJ6xFXr7dUoq/Dy67P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:8TdJ6xF77dUzNgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2944	ca8a797cf29c368c792cfaecc8264722.exe

Executes dropped EXE 1 IoCs

pid	Process
2944	ca8a797cf29c368c792cfaecc8264722.exe

Loads dropped DLL 1 IoCs

pid	Process
2360	ca8a797cf29c368c792cfaecc8264722.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2360-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000900000001447e-10.dat	upx
behavioral1/memory/2944-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2360	ca8a797cf29c368c792cfaecc8264722.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2360	ca8a797cf29c368c792cfaecc8264722.exe
2944	ca8a797cf29c368c792cfaecc8264722.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2944	2360	ca8a797cf29c368c792cfaecc8264722.exe	28
PID 2360 wrote to memory of 2944	2360	ca8a797cf29c368c792cfaecc8264722.exe	28
PID 2360 wrote to memory of 2944	2360	ca8a797cf29c368c792cfaecc8264722.exe	28
PID 2360 wrote to memory of 2944	2360	ca8a797cf29c368c792cfaecc8264722.exe	28

C:\Users\Admin\AppData\Local\Temp\ca8a797cf29c368c792cfaecc8264722.exe
"C:\Users\Admin\AppData\Local\Temp\ca8a797cf29c368c792cfaecc8264722.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\ca8a797cf29c368c792cfaecc8264722.exe
  C:\Users\Admin\AppData\Local\Temp\ca8a797cf29c368c792cfaecc8264722.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\ca8a797cf29c368c792cfaecc8264722.exe

Filesize
2.9MB

MD5
c7e9f9bdc7daa47dc57622b0a9630f85

SHA1
d7a937b7f9fd751a845c4f35c3dad0a101892670

SHA256
547627917426fb304c7120a18f3b58dbfdff46bb9d3e36b4583e4feb20c21bf3

SHA512
17e9445ea508b67f395ff0c25fcc639f3e1c4b3f989cdfbe601cbca0d1a61bc3f1d16755e0533f4cf3e67604f19dc43691b2520c6d99a05b698a8a1ec2c59909

Download Submit
memory/2360-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2360-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2360-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2360-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2360-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2360-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2944-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2944-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2944-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2944-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2944-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2944-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download