ed563d9111413154b022c4e9f43a732153d41d01f13aa4d7a78e1eb95e3a5cd7

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d437fa9f92da3de290a34e216af9fe02.exe
Size

5.1MB
MD5

d437fa9f92da3de290a34e216af9fe02
SHA1

75765686c348f4c01070ebb256e32a467ff4d8d7
SHA256

ed563d9111413154b022c4e9f43a732153d41d01f13aa4d7a78e1eb95e3a5cd7
SHA512

0979f06539e1a7ab28e66f6f9a66faecad397c315ec17efcccec3c927fbf6de865aac4cd0cf2da5c1036623d4dadd2ff1c37d4517fc8251db95acb4afd6e57b2
SSDEEP

98304:BkEYXESXnLw4K4HBUCczz4NLhlTZTuwf2jS4HBUCczz9:nYFbw4JWC7NLhjqwfAWCi

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2328	d437fa9f92da3de290a34e216af9fe02.exe

Executes dropped EXE 1 IoCs

pid	Process
2328	d437fa9f92da3de290a34e216af9fe02.exe

Loads dropped DLL 1 IoCs

pid	Process
2032	d437fa9f92da3de290a34e216af9fe02.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2032-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001224f-10.dat	upx
behavioral1/files/0x000b00000001224f-15.dat	upx
behavioral1/memory/2328-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2032	d437fa9f92da3de290a34e216af9fe02.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2032	d437fa9f92da3de290a34e216af9fe02.exe
2328	d437fa9f92da3de290a34e216af9fe02.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2328	2032	d437fa9f92da3de290a34e216af9fe02.exe	28
PID 2032 wrote to memory of 2328	2032	d437fa9f92da3de290a34e216af9fe02.exe	28
PID 2032 wrote to memory of 2328	2032	d437fa9f92da3de290a34e216af9fe02.exe	28
PID 2032 wrote to memory of 2328	2032	d437fa9f92da3de290a34e216af9fe02.exe	28

C:\Users\Admin\AppData\Local\Temp\d437fa9f92da3de290a34e216af9fe02.exe
"C:\Users\Admin\AppData\Local\Temp\d437fa9f92da3de290a34e216af9fe02.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Users\Admin\AppData\Local\Temp\d437fa9f92da3de290a34e216af9fe02.exe
  C:\Users\Admin\AppData\Local\Temp\d437fa9f92da3de290a34e216af9fe02.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d437fa9f92da3de290a34e216af9fe02.exe

Filesize
45KB

MD5
1d733b1a9aed9c592c5e0682dfcc9937

SHA1
95176570e072976659523cdb7ec0e69ea90a19f8

SHA256
2375788244785a15c5fbb2fbd8adf0b54c1c2e9a7d1dac06a95298fd0e5514e6

SHA512
96581b5eb84827671d861a072169dc71e596e6aad1b45998fddc2628e1b202b2d0404598daad19d078ecdbe8c2b9b28a25e59e50ac3f95fb1538055dccf8ac34

Download Submit
\Users\Admin\AppData\Local\Temp\d437fa9f92da3de290a34e216af9fe02.exe

Filesize
505KB

MD5
e9807a511bc5b26f758afe8d6d92f156

SHA1
f60f65bf6e7d0c02487a89e8dc4fe071458d9beb

SHA256
13ebcbde1cd79130676209a983a23b2320826bb3e34bcf27c25fe551a0903491

SHA512
b4ba0df7d4c1d6135614c43bdb8c4da04ccfab2c21869e1495f791e0005b81c692f26d3cbc79fd81e641cdcad1cdbe9ecfa7e93e8e388e91bffecfb63fefb793

Download Submit
memory/2032-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2032-2-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/2032-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2032-14-0x0000000003D10000-0x00000000041FF000-memory.dmp

Filesize
4.9MB

Download
memory/2032-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2032-30-0x0000000003D10000-0x00000000041FF000-memory.dmp

Filesize
4.9MB

Download
memory/2328-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2328-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2328-19-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/2328-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2328-25-0x0000000003530000-0x000000000375A000-memory.dmp

Filesize
2.2MB

Download
memory/2328-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download