119e7dc97657bafae8f25a38a6a1efe32c067d7302f0a1e3419a906e8be6cde2

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d580b3602b516cbc90da67feab24af5b.exe
Size

1.3MB
MD5

d580b3602b516cbc90da67feab24af5b
SHA1

9c92b76a09ac6974a45305c8bd8f94a60c977c50
SHA256

119e7dc97657bafae8f25a38a6a1efe32c067d7302f0a1e3419a906e8be6cde2
SHA512

89042770858423841cf9d2e8099aee587673be9d14c46824310cb178f8cb45dbb5b1da5dda1a39ce0304f8db631de6c1bbbc478be98aaf60d62dd73cab64d375
SSDEEP

24576:fa/AnVEkmbSlZbDDLEYQhEu7SgMk5xAoBeD4cKVVBOvOWO:CoEkkSlZbvg3hF7SgMkngD4FvBIOf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2772	d580b3602b516cbc90da67feab24af5b.exe

Executes dropped EXE 1 IoCs

pid	Process
2772	d580b3602b516cbc90da67feab24af5b.exe

Loads dropped DLL 1 IoCs

pid	Process
1812	d580b3602b516cbc90da67feab24af5b.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1812-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000012267-12.dat	upx
behavioral1/files/0x000d000000012267-13.dat	upx
behavioral1/memory/2772-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1812	d580b3602b516cbc90da67feab24af5b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1812	d580b3602b516cbc90da67feab24af5b.exe
2772	d580b3602b516cbc90da67feab24af5b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 2772	1812	d580b3602b516cbc90da67feab24af5b.exe	28
PID 1812 wrote to memory of 2772	1812	d580b3602b516cbc90da67feab24af5b.exe	28
PID 1812 wrote to memory of 2772	1812	d580b3602b516cbc90da67feab24af5b.exe	28
PID 1812 wrote to memory of 2772	1812	d580b3602b516cbc90da67feab24af5b.exe	28

C:\Users\Admin\AppData\Local\Temp\d580b3602b516cbc90da67feab24af5b.exe
"C:\Users\Admin\AppData\Local\Temp\d580b3602b516cbc90da67feab24af5b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Users\Admin\AppData\Local\Temp\d580b3602b516cbc90da67feab24af5b.exe
  C:\Users\Admin\AppData\Local\Temp\d580b3602b516cbc90da67feab24af5b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d580b3602b516cbc90da67feab24af5b.exe

Filesize
704KB

MD5
a8d470a4aaca2cb0097f5d1d3c52648c

SHA1
b856689d7a6d7d28ce697befb60458cadd9b1c78

SHA256
185796d7895f23ebc23e56b9cb71affda26fcd03726c3c039ba579cd7336079e

SHA512
a5aa45c5f6b7280b0ed4bf36c59a45fcd3ec0ab5c5ee08f724f8321f7edee4350c072618cb4eea5f24493e3364e50d1e05ab41da1de39b0d2827ae87bb11978e

Download Submit
C:\Users\Admin\AppData\Local\Temp\d580b3602b516cbc90da67feab24af5b.exe

Filesize
1.3MB

MD5
c1ca9cd92cea98946a84db693a9e170b

SHA1
a9d82ea78e875834a96a85d3dc3e76605d9c6d24

SHA256
a48cfd08201151b2df96d7231cb15eb8503b21531b898c647a2d25dc86a2d6f0

SHA512
f76089429f68cfd6559f305e8e9237b4bdb48b8b6c6c66420dfa04db88de521e21f4a6f25f735013e9b9c013fe66231ce8de5d3f0790447d48e675d5a9f012d9

Download Submit
memory/1812-3-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/1812-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1812-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1812-14-0x0000000003580000-0x0000000003A6F000-memory.dmp

Filesize
4.9MB

Download
memory/1812-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2772-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2772-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2772-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2772-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2772-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2772-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download