8387066f2b400cf334379ac317eba13e766b37be8226139eb79f9b261199612a

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d60ef7dd3f5f10dbb9e281341019e8e0.exe
Size

1.5MB
MD5

d60ef7dd3f5f10dbb9e281341019e8e0
SHA1

2f365904af7b142cd0063b21047f5d0108fb4927
SHA256

8387066f2b400cf334379ac317eba13e766b37be8226139eb79f9b261199612a
SHA512

7784e7daabae6858dad403d748ddd574e2c0485c47b1f4b5b7165031a7de79d3220194505b987f88bf4c91eefc35349ae344acfda4cf022f782506b6cd8fcc08
SSDEEP

24576:yBiQtQnrxVkNUwAL9IToI7b933ifQa9BoMBylFwy+7xvq5qTEwKBKO32fJ+sptPF:yBiiCrUNe9tfQkuMcd+9S5gmBl32fJoV

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3036	d60ef7dd3f5f10dbb9e281341019e8e0.exe

Executes dropped EXE 1 IoCs

pid	Process
3036	d60ef7dd3f5f10dbb9e281341019e8e0.exe

Loads dropped DLL 1 IoCs

pid	Process
2956	d60ef7dd3f5f10dbb9e281341019e8e0.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2956-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001220d-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2956	d60ef7dd3f5f10dbb9e281341019e8e0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2956	d60ef7dd3f5f10dbb9e281341019e8e0.exe
3036	d60ef7dd3f5f10dbb9e281341019e8e0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 3036	2956	d60ef7dd3f5f10dbb9e281341019e8e0.exe	28
PID 2956 wrote to memory of 3036	2956	d60ef7dd3f5f10dbb9e281341019e8e0.exe	28
PID 2956 wrote to memory of 3036	2956	d60ef7dd3f5f10dbb9e281341019e8e0.exe	28
PID 2956 wrote to memory of 3036	2956	d60ef7dd3f5f10dbb9e281341019e8e0.exe	28

C:\Users\Admin\AppData\Local\Temp\d60ef7dd3f5f10dbb9e281341019e8e0.exe
"C:\Users\Admin\AppData\Local\Temp\d60ef7dd3f5f10dbb9e281341019e8e0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Temp\d60ef7dd3f5f10dbb9e281341019e8e0.exe
  C:\Users\Admin\AppData\Local\Temp\d60ef7dd3f5f10dbb9e281341019e8e0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\d60ef7dd3f5f10dbb9e281341019e8e0.exe

Filesize
1.5MB

MD5
94aa52d6d1f037d7baa46c512d2470d0

SHA1
e0f2b687780fd08a8135f2a24f57892071fd9ab2

SHA256
7e8d6d02437a2d4548a08cb1c43586b72e81af5b1c1bd4c84a9e6a9f3cc057bd

SHA512
92883b3060535e1f06e098395d05c44285af7714ada8691b4199e886f0b46e5b67bc6dbe8af1291670946dc5d144b0610d357c725f4e9c43b9b791add0eabd30

Download Submit
memory/2956-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2956-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2956-2-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2956-15-0x00000000035C0000-0x0000000003AAF000-memory.dmp

Filesize
4.9MB

Download
memory/2956-31-0x00000000035C0000-0x0000000003AAF000-memory.dmp

Filesize
4.9MB

Download
memory/2956-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3036-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3036-19-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/3036-24-0x0000000003590000-0x00000000037BA000-memory.dmp

Filesize
2.2MB

Download
memory/3036-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3036-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3036-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download