d376f3aec9b58a3c60233ea0d11f0fa1c2a69c7ae8ad035b18d9313c2771044c

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc3319af3aa41f65f096144ddc637d3b.exe
Size

2.9MB
MD5

cc3319af3aa41f65f096144ddc637d3b
SHA1

7f3342d175a47bc0b8396eb9aec0be416ca967b2
SHA256

d376f3aec9b58a3c60233ea0d11f0fa1c2a69c7ae8ad035b18d9313c2771044c
SHA512

7df658a1434e8159af643547526910e741b7d7a2d68423d8f8133798215fd934bc6a3e75fbbc4450a231af8e72bf3118bb872c02917cbbe8e68c2ab1ec9054a2
SSDEEP

49152:Iw7xM9pM/UBMaBjndAPGITVCDfP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:vsM/UFlni6Dfgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2968	cc3319af3aa41f65f096144ddc637d3b.exe

Executes dropped EXE 1 IoCs

pid	Process
2968	cc3319af3aa41f65f096144ddc637d3b.exe

Loads dropped DLL 1 IoCs

pid	Process
3008	cc3319af3aa41f65f096144ddc637d3b.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3008-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012251-10.dat	upx
behavioral1/files/0x0009000000012251-13.dat	upx
behavioral1/memory/2968-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3008	cc3319af3aa41f65f096144ddc637d3b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3008	cc3319af3aa41f65f096144ddc637d3b.exe
2968	cc3319af3aa41f65f096144ddc637d3b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2968	3008	cc3319af3aa41f65f096144ddc637d3b.exe	28
PID 3008 wrote to memory of 2968	3008	cc3319af3aa41f65f096144ddc637d3b.exe	28
PID 3008 wrote to memory of 2968	3008	cc3319af3aa41f65f096144ddc637d3b.exe	28
PID 3008 wrote to memory of 2968	3008	cc3319af3aa41f65f096144ddc637d3b.exe	28

C:\Users\Admin\AppData\Local\Temp\cc3319af3aa41f65f096144ddc637d3b.exe
"C:\Users\Admin\AppData\Local\Temp\cc3319af3aa41f65f096144ddc637d3b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Users\Admin\AppData\Local\Temp\cc3319af3aa41f65f096144ddc637d3b.exe
  C:\Users\Admin\AppData\Local\Temp\cc3319af3aa41f65f096144ddc637d3b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cc3319af3aa41f65f096144ddc637d3b.exe

Filesize
128KB

MD5
ed7b659e85d1aebdf62bc2394c176346

SHA1
09d199953c695edc10376b67c09029b77e055301

SHA256
1f648037da6d6a90ae6a5c36b053c446230a941eea49016c228ca347f777593b

SHA512
d47ceea75fe3f245c9210f244d2589fa6ebe70cfa4eccc1907e57382f1bee6690486117cc0823d62c53740db1d9c49995089c6a82be35848815c6a2f3cdde1f3

Download Submit
\Users\Admin\AppData\Local\Temp\cc3319af3aa41f65f096144ddc637d3b.exe

Filesize
256KB

MD5
7807920c58b23fbebd3db4d09a017f0d

SHA1
3e263068536d0a118bea790f4fc2b57c341407e8

SHA256
24630f42dce0136cfea20a81a8911a6be22b719bf17afbdb8a84dfb73f0017ce

SHA512
e42d928813d32ae87f948e951ca948464ee3303159c072c4111bd394ebd1e0e6e53b3311202147c5d4b40eab449223dd4b82f2b7708cdca566f656b56939460c

Download Submit
memory/2968-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2968-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2968-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2968-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2968-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2968-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/3008-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3008-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/3008-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3008-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3008-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/3008-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download