2299dbeab8041ae4aed74f09b9c35c6d171b2456c362f36aeb0a8b54e959ed1a

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 03:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d515db8043d274236077905381887e59.exe
Size

2.7MB
MD5

d515db8043d274236077905381887e59
SHA1

99bfabc1986a16767c6d30f53b0a5968a3271b23
SHA256

2299dbeab8041ae4aed74f09b9c35c6d171b2456c362f36aeb0a8b54e959ed1a
SHA512

0fc8dbf2c30e2e3798521d00298edef3f896b5bfc83a585bea6a95037e51509d690db1779abd6c5f385dc728f5fd0ef59eeb9e79ed244c505d046b01be80d5dc
SSDEEP

49152:q0BibimJMP2nMkwa5Fm6qglISrRvbR9eV3W6lvWNJRBeG9vAiqNfXk0+gNUDR9j:qfbdJYQ9waK6RFZHeBhvWNJzekqXX+E6

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2556	d515db8043d274236077905381887e59.exe

Executes dropped EXE 1 IoCs

pid	Process
2556	d515db8043d274236077905381887e59.exe

Loads dropped DLL 1 IoCs

pid	Process
2036	d515db8043d274236077905381887e59.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2036-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c000000012245-10.dat	upx
behavioral1/files/0x000c000000012245-13.dat	upx
behavioral1/memory/2556-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2036	d515db8043d274236077905381887e59.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2036	d515db8043d274236077905381887e59.exe
2556	d515db8043d274236077905381887e59.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 2556	2036	d515db8043d274236077905381887e59.exe	28
PID 2036 wrote to memory of 2556	2036	d515db8043d274236077905381887e59.exe	28
PID 2036 wrote to memory of 2556	2036	d515db8043d274236077905381887e59.exe	28
PID 2036 wrote to memory of 2556	2036	d515db8043d274236077905381887e59.exe	28

C:\Users\Admin\AppData\Local\Temp\d515db8043d274236077905381887e59.exe
"C:\Users\Admin\AppData\Local\Temp\d515db8043d274236077905381887e59.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Users\Admin\AppData\Local\Temp\d515db8043d274236077905381887e59.exe
  C:\Users\Admin\AppData\Local\Temp\d515db8043d274236077905381887e59.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d515db8043d274236077905381887e59.exe

Filesize
1.6MB

MD5
76bc4aba7324a1de10f0374b03582c50

SHA1
e273570df2de8e70664b4198408e3a30062f8fea

SHA256
29541cb7765d2ab71b1e9fb325b9f96593aa66de20ea6b46e7f0095994c85183

SHA512
44361ad55898044764d5a8c07f7a5b3d036a3535614c17a0acce9a9bff2176804ffb932a0c1d0a4086913c140779fa30a72e556318e84d9d2fc4e7fe09ed04f1

Download Submit
\Users\Admin\AppData\Local\Temp\d515db8043d274236077905381887e59.exe

Filesize
256KB

MD5
b99d829bfcd419be28a4568a89bd30c1

SHA1
7e264e823f9ed8dee3991c9e4ee8186e68491f31

SHA256
979d1684ec726d925bb863d9fd0e8a4df39d31722683d0d20adf28ce260d871d

SHA512
fcffb102c75fac4e0fe8d774b365940dc3f75d7d6f6513e332fddfe4b8fc121adc7a944c3f23b5af775786ee335e02e38363000e78ffab94993a4f3d6cbd7d46

Download Submit
memory/2036-15-0x00000000038E0000-0x0000000003DC7000-memory.dmp

Filesize
4.9MB

Download
memory/2036-2-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2036-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2036-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2036-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2036-31-0x00000000038E0000-0x0000000003DC7000-memory.dmp

Filesize
4.9MB

Download
memory/2556-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2556-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2556-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2556-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2556-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2556-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download