87a1b8ee4e7ba68f7a466bf69e356d3362886f6540284149462d5931e51ebdba

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3c69facc4e1c3aaf5b87b73a2b6d481.exe
Size

5.8MB
MD5

d3c69facc4e1c3aaf5b87b73a2b6d481
SHA1

b747726f4b68ff74a78d0064d27a8a230335aead
SHA256

87a1b8ee4e7ba68f7a466bf69e356d3362886f6540284149462d5931e51ebdba
SHA512

43676528aa5e00b82e2053f1029bf4d195e9fc6646e8de2deda57fb1f2f8e269ac62cb27bd92eb17ac2616a72bbf551c9f3b5cf556bf6a70170a3d58d26f2788
SSDEEP

98304:uD5B0+E/w4YHau42c1joCjMPkNwk6TxlepMHSdA+D2cV0fvHau42c1joCjMPkNwv:8B0u9auq1jI86NuMHhXnffauq1jI86

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
324	d3c69facc4e1c3aaf5b87b73a2b6d481.exe

Loads dropped DLL 1 IoCs

pid	Process
2136	d3c69facc4e1c3aaf5b87b73a2b6d481.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2136-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d00000000e655-10.dat	upx
behavioral1/files/0x000d00000000e655-13.dat	upx
behavioral1/memory/324-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2136	d3c69facc4e1c3aaf5b87b73a2b6d481.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2136	d3c69facc4e1c3aaf5b87b73a2b6d481.exe
324	d3c69facc4e1c3aaf5b87b73a2b6d481.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 324	2136	d3c69facc4e1c3aaf5b87b73a2b6d481.exe	28
PID 2136 wrote to memory of 324	2136	d3c69facc4e1c3aaf5b87b73a2b6d481.exe	28
PID 2136 wrote to memory of 324	2136	d3c69facc4e1c3aaf5b87b73a2b6d481.exe	28
PID 2136 wrote to memory of 324	2136	d3c69facc4e1c3aaf5b87b73a2b6d481.exe	28

C:\Users\Admin\AppData\Local\Temp\d3c69facc4e1c3aaf5b87b73a2b6d481.exe
"C:\Users\Admin\AppData\Local\Temp\d3c69facc4e1c3aaf5b87b73a2b6d481.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Users\Admin\AppData\Local\Temp\d3c69facc4e1c3aaf5b87b73a2b6d481.exe
  C:\Users\Admin\AppData\Local\Temp\d3c69facc4e1c3aaf5b87b73a2b6d481.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d3c69facc4e1c3aaf5b87b73a2b6d481.exe

Filesize
1.1MB

MD5
9d8ef1acf83b8a6e7744a5f038c490d5

SHA1
c90150833f216afbc3cb0e0363f23953748bc5e4

SHA256
e99a2fd3a5d784be49842fdaf6e5d7970188bd6d84ee015cb332adf13414fcf1

SHA512
739fe34ff46aca75da723d509d56cbe11e3c0ef951830eb520b46ef70733ac4bb866b83547f1a21b20821150c8dfe89256e8d10ae242dd044932c640db0bd347

Download Submit
\Users\Admin\AppData\Local\Temp\d3c69facc4e1c3aaf5b87b73a2b6d481.exe

Filesize
1.7MB

MD5
75356a9a9071fc6922f48f1889738384

SHA1
f14628e7414587d0673035720901663f84ef70b6

SHA256
a3ade166623eec927460b0412bf203ccb16487ca761b1b49a671c5c2eeafe78e

SHA512
34b14e63132052d4199785b4f4da4263188195fad1b1e3f7415c76b22eba03c0ed41a9cb0f640b34e02cc1f2bdcfc97c5c12439ff3a46b94d2c95c5eec854c54

Download Submit
memory/324-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/324-17-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/324-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/324-21-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2136-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2136-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2136-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2136-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2136-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2136-20-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download