230e5141831452d7f1c26a2640ab4018dd8b3078719d75c7729b0c08b2b29a4f

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4878bf517b84e49c3377adb1ad8038d.exe
Size

2.9MB
MD5

d4878bf517b84e49c3377adb1ad8038d
SHA1

4c4164f543d64416962598f4ce0e3289dfd4b36e
SHA256

230e5141831452d7f1c26a2640ab4018dd8b3078719d75c7729b0c08b2b29a4f
SHA512

1c50f6f2571c33d86bf052dba01607e98fb34549241c8aea421c1a00790058a274d989b5dda3d528f4ebf7881de6070f8450173525ac0f8df76d7475f5a6878a
SSDEEP

49152:nmh2LMvCzI4FieFUSfJxt7N74NH5HUyNRcUsCVOzetdZJ:nmoLMviI4iCUkt4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2204	d4878bf517b84e49c3377adb1ad8038d.exe

Executes dropped EXE 1 IoCs

pid	Process
2204	d4878bf517b84e49c3377adb1ad8038d.exe

Loads dropped DLL 1 IoCs

pid	Process
2820	d4878bf517b84e49c3377adb1ad8038d.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2820-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000013a21-12.dat	upx
behavioral1/files/0x000a000000013a21-10.dat	upx
behavioral1/files/0x000a000000013a21-15.dat	upx
behavioral1/memory/2204-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2820	d4878bf517b84e49c3377adb1ad8038d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2820	d4878bf517b84e49c3377adb1ad8038d.exe
2204	d4878bf517b84e49c3377adb1ad8038d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 2204	2820	d4878bf517b84e49c3377adb1ad8038d.exe	28
PID 2820 wrote to memory of 2204	2820	d4878bf517b84e49c3377adb1ad8038d.exe	28
PID 2820 wrote to memory of 2204	2820	d4878bf517b84e49c3377adb1ad8038d.exe	28
PID 2820 wrote to memory of 2204	2820	d4878bf517b84e49c3377adb1ad8038d.exe	28

C:\Users\Admin\AppData\Local\Temp\d4878bf517b84e49c3377adb1ad8038d.exe
"C:\Users\Admin\AppData\Local\Temp\d4878bf517b84e49c3377adb1ad8038d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\d4878bf517b84e49c3377adb1ad8038d.exe
  C:\Users\Admin\AppData\Local\Temp\d4878bf517b84e49c3377adb1ad8038d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d4878bf517b84e49c3377adb1ad8038d.exe

Filesize
1.8MB

MD5
9a836599cece6bfb3fc88a87f9de1dcd

SHA1
45a1b3d2b9433c8a3d9f4b684469ca797e4eee1f

SHA256
a4d3b464204f207909df15654039147b09b42bbb9d1b17f1a97ca255eb76bc65

SHA512
d96e93f75d1423f5de872ac61592487c92c38ea78c80472140dd67fa5c1aa3b3a0bf55f96c3513364c7f3a404c2ef6e7b37942445aab19557c60b42e2bcce779

Download Submit
C:\Users\Admin\AppData\Local\Temp\d4878bf517b84e49c3377adb1ad8038d.exe

Filesize
2.4MB

MD5
ee13ce8486934ae1a9c9e88aab46aa8d

SHA1
9d270abd2ec918e1d6b809d4b3d849ff184af4ea

SHA256
30d0396f7e04ae7bc24b5273cf3ec5d91ef311a905be2e436788e6c9d1316655

SHA512
565e9870b6627841d0553b74669c9de33ae5a38e391b70a0fc4752194114c0d8deaa7cc9f03a68089bbb1568d95e17c7a1ffa5562e2dfa60c2283c419eb09801

Download Submit
\Users\Admin\AppData\Local\Temp\d4878bf517b84e49c3377adb1ad8038d.exe

Filesize
2.2MB

MD5
7a10428eade567a2a006d415a510bc0e

SHA1
4b181d5c7a7a429e55cb0a9b7e53246b4855e8c3

SHA256
562473815d7fade38401dabed42850a3ae7c71cda905879c3a6b3b900a42b3f9

SHA512
78df287caea4844be6f54c314ec3a1fcbcd0cc484058a67a3765b6776aa21c50f75a4c70040d6d2266d34ca1c1e6a48bc8511d1e5360e4dd8c262f8bfeca9246

Download Submit
memory/2204-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2204-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2204-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2204-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2820-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2820-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2820-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2820-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2820-13-0x0000000003980000-0x0000000003E6F000-memory.dmp

Filesize
4.9MB

Download
memory/2820-31-0x0000000003980000-0x0000000003E6F000-memory.dmp

Filesize
4.9MB

Download