3360a76baf0a322e7dbf499ffae46883f16dff3dbd04b9088e61800682b03445

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/03/2024, 11:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cdeaf48bc44598a23f7d46900bbfe8d6.exe
Size

2.7MB
MD5

cdeaf48bc44598a23f7d46900bbfe8d6
SHA1

f3fd13a9c0df1eed9825c8db3d535404a93fae14
SHA256

3360a76baf0a322e7dbf499ffae46883f16dff3dbd04b9088e61800682b03445
SHA512

5d285224a132c39d64355e2e5099ef489fe4a35c77f15bec91a4e32db57ae541c360c1607ae8278de1953fd7a365ab0df238759a7baaeea063ba83077c247abc
SSDEEP

49152:scUYroe2ViGXc4ODkCC6w6252YHuD3daeR9YdLnm9KOcDvOe0tUIZl3R9j:uYroXViCJODkCCK24iuD3dpH4mk7vTbK

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2840	cdeaf48bc44598a23f7d46900bbfe8d6.exe

Executes dropped EXE 1 IoCs

pid	Process
2840	cdeaf48bc44598a23f7d46900bbfe8d6.exe

Loads dropped DLL 1 IoCs

pid	Process
2180	cdeaf48bc44598a23f7d46900bbfe8d6.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2180-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000e000000012110-10.dat	upx
behavioral1/memory/2840-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000e000000012110-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2180	cdeaf48bc44598a23f7d46900bbfe8d6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2180	cdeaf48bc44598a23f7d46900bbfe8d6.exe
2840	cdeaf48bc44598a23f7d46900bbfe8d6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2840	2180	cdeaf48bc44598a23f7d46900bbfe8d6.exe	28
PID 2180 wrote to memory of 2840	2180	cdeaf48bc44598a23f7d46900bbfe8d6.exe	28
PID 2180 wrote to memory of 2840	2180	cdeaf48bc44598a23f7d46900bbfe8d6.exe	28
PID 2180 wrote to memory of 2840	2180	cdeaf48bc44598a23f7d46900bbfe8d6.exe	28

C:\Users\Admin\AppData\Local\Temp\cdeaf48bc44598a23f7d46900bbfe8d6.exe
"C:\Users\Admin\AppData\Local\Temp\cdeaf48bc44598a23f7d46900bbfe8d6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\cdeaf48bc44598a23f7d46900bbfe8d6.exe
  C:\Users\Admin\AppData\Local\Temp\cdeaf48bc44598a23f7d46900bbfe8d6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cdeaf48bc44598a23f7d46900bbfe8d6.exe

Filesize
1.1MB

MD5
74aa0e797988f79d64383383f54c59ab

SHA1
89ee6d8c2e647b4e1c45ca0797805471d5cd54b2

SHA256
56447998422d93fe330bceee7e51fef06623de1f7a99dbdee07b26f93e541401

SHA512
b36ded93eb05f68d8064651f266195a8ef3e6d6da84c6e6b40ee5a0b1ec3576b1b63b01eee9d52abefce65e4876e69d0a98d9c4875038ccb720574eb2b402a6b

Download Submit
\Users\Admin\AppData\Local\Temp\cdeaf48bc44598a23f7d46900bbfe8d6.exe

Filesize
2.3MB

MD5
218d97e0fdd392eb51dc1fc61ff99149

SHA1
541b89eae2c17b52b28bc66eb1bbaf6aaee2f1bd

SHA256
f6c620c0e062674ef99975fb5d5d8c990f210734961290f1698f77c472193d13

SHA512
2acbb8f62ec7d2752d82df1ca37a55a8a83afd04d482e8add1e004ae854af62a35f98d02fa5a7b9dfb29c58474d0991d48627b0a487c47c3a864a848b2f57004

Download Submit
memory/2180-31-0x0000000003750000-0x0000000003C37000-memory.dmp

Filesize
4.9MB

Download
memory/2180-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2180-3-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2180-14-0x0000000003750000-0x0000000003C37000-memory.dmp

Filesize
4.9MB

Download
memory/2180-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2180-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2840-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2840-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2840-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2840-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2840-17-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2840-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download