2ace752285cf3cd15d534c168985f9ec4387f5007e5efba9142d3e0955aa579f

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4614d88a46d798d9def21d50ba8e71d.exe
Size

5.8MB
MD5

d4614d88a46d798d9def21d50ba8e71d
SHA1

4aa03c9b4a81aed908dc30a42f460a7fbfd2d711
SHA256

2ace752285cf3cd15d534c168985f9ec4387f5007e5efba9142d3e0955aa579f
SHA512

a6e84bdab5289759943103db1bc9b34da89f7d9992e4b4202c24c5d26d0fed52c615114c41fcfd7dbe30c45b1fe36b008830a80b94b7376a1a7c07d88fb05593
SSDEEP

98304:wxoJDWi9BMdDolgg3gnl/IVUs1jePsyrFVikerpUZjwuxNgg3gnl/IVUs1jePs:wxoJW8UGgl/iBiPTikelUZjwuBgl/iBg

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2584	d4614d88a46d798d9def21d50ba8e71d.exe

Executes dropped EXE 1 IoCs

pid	Process
2584	d4614d88a46d798d9def21d50ba8e71d.exe

Loads dropped DLL 1 IoCs

pid	Process
2972	d4614d88a46d798d9def21d50ba8e71d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2972-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012266-11.dat	upx
behavioral1/files/0x0009000000012266-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2972	d4614d88a46d798d9def21d50ba8e71d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2972	d4614d88a46d798d9def21d50ba8e71d.exe
2584	d4614d88a46d798d9def21d50ba8e71d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2584	2972	d4614d88a46d798d9def21d50ba8e71d.exe	28
PID 2972 wrote to memory of 2584	2972	d4614d88a46d798d9def21d50ba8e71d.exe	28
PID 2972 wrote to memory of 2584	2972	d4614d88a46d798d9def21d50ba8e71d.exe	28
PID 2972 wrote to memory of 2584	2972	d4614d88a46d798d9def21d50ba8e71d.exe	28

C:\Users\Admin\AppData\Local\Temp\d4614d88a46d798d9def21d50ba8e71d.exe
"C:\Users\Admin\AppData\Local\Temp\d4614d88a46d798d9def21d50ba8e71d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\d4614d88a46d798d9def21d50ba8e71d.exe
  C:\Users\Admin\AppData\Local\Temp\d4614d88a46d798d9def21d50ba8e71d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d4614d88a46d798d9def21d50ba8e71d.exe

Filesize
2.0MB

MD5
83416de23e9dcede7365a6fb332a67e5

SHA1
9e1a308c791b4cc2f295b0da399abc627c2b4171

SHA256
c1ffcb7ab364d60db458f249821df5b1daff3d9d30202f6b9ca0aeb02da1fbc2

SHA512
d9371326a9b6140ecd86907d254b0a79157640466ecd436d61f579ae54b43df0bb9adc590a3b9c2664a271d95f9f07a8267d57ad4ab2e4f578f136859f04c3f1

Download Submit
\Users\Admin\AppData\Local\Temp\d4614d88a46d798d9def21d50ba8e71d.exe

Filesize
1.1MB

MD5
528b236472bf9832b61ca457315a5dcd

SHA1
d80e1bf89a12204a8eb71f82fced4baf6d12ec7c

SHA256
e01e37ef9721329e241c4a9010b558dc411991d2e4075e5b22734c55e7387e9a

SHA512
6ec367aada21bfd743a9bac679df8bdbabaa6831d4203dab599e2570bc6f13d3fb7ce45b9c2ef8b8cc86b523e00630a187c788ccec81c0f6efc5b0c0d4589986

Download Submit
memory/2584-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2584-33-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2584-26-0x0000000003520000-0x000000000374A000-memory.dmp

Filesize
2.2MB

Download
memory/2584-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2584-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2584-19-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/2972-6-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2972-16-0x0000000003F60000-0x000000000444F000-memory.dmp

Filesize
4.9MB

Download
memory/2972-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2972-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2972-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2972-32-0x0000000003F60000-0x000000000444F000-memory.dmp

Filesize
4.9MB

Download
memory/2972-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download