fc6f010cca9568dd3c6dfd7adddcbde237c4ebf8cf2f5b67991328ed9d3c358c

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 12:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d619013c422b4a379e59efbd56ab29d2.exe
Size

10.7MB
MD5

d619013c422b4a379e59efbd56ab29d2
SHA1

8b413a3af5c71394b19c9cf793f53d6aa76ddd78
SHA256

fc6f010cca9568dd3c6dfd7adddcbde237c4ebf8cf2f5b67991328ed9d3c358c
SHA512

59245b9e04c8b4de62feabc59b4f16008e620b6805915556504f5d3e79b5c6b6b038e574e81aab63bd6c0649eee3691734ef2571e52f982278d3a985d0eb8531
SSDEEP

196608:KHfdhSPv64i95HAMYSilYuWMqSPv64i95HAMdUQY029SPv64i95HAMYSilYuWMqJ:KHfdAdornii5IdordUE20dornii5Idor

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2740	d619013c422b4a379e59efbd56ab29d2.exe

Executes dropped EXE 1 IoCs

pid	Process
2740	d619013c422b4a379e59efbd56ab29d2.exe

Loads dropped DLL 1 IoCs

pid	Process
2524	d619013c422b4a379e59efbd56ab29d2.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2524-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000c00000001224f-11.dat	upx
behavioral1/files/0x000c00000001224f-16.dat	upx
behavioral1/memory/2740-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2524	d619013c422b4a379e59efbd56ab29d2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2524	d619013c422b4a379e59efbd56ab29d2.exe
2740	d619013c422b4a379e59efbd56ab29d2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 2740	2524	d619013c422b4a379e59efbd56ab29d2.exe	28
PID 2524 wrote to memory of 2740	2524	d619013c422b4a379e59efbd56ab29d2.exe	28
PID 2524 wrote to memory of 2740	2524	d619013c422b4a379e59efbd56ab29d2.exe	28
PID 2524 wrote to memory of 2740	2524	d619013c422b4a379e59efbd56ab29d2.exe	28

C:\Users\Admin\AppData\Local\Temp\d619013c422b4a379e59efbd56ab29d2.exe
"C:\Users\Admin\AppData\Local\Temp\d619013c422b4a379e59efbd56ab29d2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Users\Admin\AppData\Local\Temp\d619013c422b4a379e59efbd56ab29d2.exe
  C:\Users\Admin\AppData\Local\Temp\d619013c422b4a379e59efbd56ab29d2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d619013c422b4a379e59efbd56ab29d2.exe

Filesize
10.7MB

MD5
7acce41272ab4a2f899280a2b991a997

SHA1
116180085129e35b59fa67a9bd43e8c2e780d966

SHA256
8d841e18a415090b1fe5a0dc6638f374ca16ce89befa99039421a6208a7e0fb8

SHA512
3a335c30bcd76b3f36dbe54ca68b9313d0918daa8d69501f84a615924d185433c4957180873483e0e412219d9763052e30b992fe505f9bde83cbd6a64df963d1

Download Submit
\Users\Admin\AppData\Local\Temp\d619013c422b4a379e59efbd56ab29d2.exe

Filesize
192KB

MD5
117dfd0df367760bd67edbe23f365f69

SHA1
4e77f7089b247bbd719ad82bfb1d1ed35e2508fa

SHA256
295766e4490b81b0ae8af7161d8c867ba8403a615e45414ad1b2963a74a8df37

SHA512
e3a656ef0a7c19459861529bc9c33f47a565e05d307ebf9d2ddf11d0b7bbd3e77bf4cc645b0cfe1b93fcd03e7cafa67782259b954785284fcbfbd6875bc5fd43

Download Submit
memory/2524-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2524-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2524-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2524-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2524-14-0x0000000004690000-0x0000000004AFA000-memory.dmp

Filesize
4.4MB

Download
memory/2740-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2740-20-0x0000000000290000-0x00000000003A2000-memory.dmp

Filesize
1.1MB

Download
memory/2740-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2740-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download