12c6abb41a4d88349c11abc95b1a51081ade7a51f9fdf0ff5ccf5a959537bb62

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3b4fd9d6a4c7d1486613465c4d29d2a.exe
Size

2.9MB
MD5

d3b4fd9d6a4c7d1486613465c4d29d2a
SHA1

71c7936be10fb79c4367929755df3081fa738c32
SHA256

12c6abb41a4d88349c11abc95b1a51081ade7a51f9fdf0ff5ccf5a959537bb62
SHA512

0fe690a202900b6103681fc9c43497dac455ba7aca51d9c6833e368753f07e678276ae24b06652103e761673a3fa71381ddb211868bbcfa31adf84f0429db42e
SSDEEP

49152:LP7EHY/0x4MrSguG+EaeUTbk3/prZ/Dnl1+1+MBRpo6oh:77iYsCMr0GCcprZ/+1+M7arh

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2492	d3b4fd9d6a4c7d1486613465c4d29d2a.exe

Executes dropped EXE 1 IoCs

pid	Process
2492	d3b4fd9d6a4c7d1486613465c4d29d2a.exe

Loads dropped DLL 1 IoCs

pid	Process
2752	d3b4fd9d6a4c7d1486613465c4d29d2a.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2752-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001222a-10.dat	upx
behavioral1/files/0x000a00000001222a-12.dat	upx
behavioral1/files/0x000a00000001222a-15.dat	upx
behavioral1/memory/2492-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2752-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2752	d3b4fd9d6a4c7d1486613465c4d29d2a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2752	d3b4fd9d6a4c7d1486613465c4d29d2a.exe
2492	d3b4fd9d6a4c7d1486613465c4d29d2a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 2492	2752	d3b4fd9d6a4c7d1486613465c4d29d2a.exe	28
PID 2752 wrote to memory of 2492	2752	d3b4fd9d6a4c7d1486613465c4d29d2a.exe	28
PID 2752 wrote to memory of 2492	2752	d3b4fd9d6a4c7d1486613465c4d29d2a.exe	28
PID 2752 wrote to memory of 2492	2752	d3b4fd9d6a4c7d1486613465c4d29d2a.exe	28

C:\Users\Admin\AppData\Local\Temp\d3b4fd9d6a4c7d1486613465c4d29d2a.exe
"C:\Users\Admin\AppData\Local\Temp\d3b4fd9d6a4c7d1486613465c4d29d2a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Users\Admin\AppData\Local\Temp\d3b4fd9d6a4c7d1486613465c4d29d2a.exe
  C:\Users\Admin\AppData\Local\Temp\d3b4fd9d6a4c7d1486613465c4d29d2a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d3b4fd9d6a4c7d1486613465c4d29d2a.exe

Filesize
64KB

MD5
2df42cbdb0ec283663ba087b5232bf5d

SHA1
9bc8c5db1e23a1713d7eab3e443a23c4844839a3

SHA256
85c58609aecaea2ff6a40562cd52fd8c3980d441133450f5c18e98b01854697c

SHA512
cd0bac904007e209eabca699d16339e6f138fbc01b9df714a46588d931d08ed9027aad5845f2c67604601625efaf3adeba6212a3b91236772c5d8c60c135e821

Download Submit
C:\Users\Admin\AppData\Local\Temp\d3b4fd9d6a4c7d1486613465c4d29d2a.exe

Filesize
2.9MB

MD5
6ba6823f8d78c961ebb92c4c7600e463

SHA1
cada4993312f5826b487a2033a5db479b7b6ae21

SHA256
fdb1383e2ff99be4b0b5cf7e5b0416be37400e64cd59300e46c53a6feeae31ff

SHA512
1fde5761d10b5b01459c9c1b4e3d629b954daf2f3f1f87d7d6244a8337866a3b2418eb9ca6b8f17cf882410297cae8e064b63174c4a70184c8763a4796fbffe7

Download Submit
\Users\Admin\AppData\Local\Temp\d3b4fd9d6a4c7d1486613465c4d29d2a.exe

Filesize
320KB

MD5
e923bb4b644956acf98f184b9095f367

SHA1
a60d4c8b306acc0278ea3e0e3bf1c6f29bf603a1

SHA256
203e9b5249b667e27ccaf9ed7722615165e26618233f7627d16e1aa3cc929270

SHA512
9e3b3b0ce44475872033aecef9ea850b5b2ceae50b9a14f11767a82c0325acb56022220542ff9cf05cd4a93d04779294f6573b404858677e5a142d452734d8da

Download Submit
memory/2492-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2492-18-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/2492-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2492-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2492-24-0x0000000003520000-0x000000000374A000-memory.dmp

Filesize
2.2MB

Download
memory/2492-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2752-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2752-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2752-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2752-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2752-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download