06b83b6bc1f6e2ba80f84f9749c234b0075b2157bec1c387add12b87b81eaac9

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6750cb03545797c0070dfdeeac8c25a.exe
Size

2.9MB
MD5

d6750cb03545797c0070dfdeeac8c25a
SHA1

4acd40870186dfe0b13edee4240ebc1d2071400b
SHA256

06b83b6bc1f6e2ba80f84f9749c234b0075b2157bec1c387add12b87b81eaac9
SHA512

77c827d7d269ac1eaabb087b639ba69ce716d59fe2be99034a92b87dc1a56aa35eefd7878fd9bbc891b171647a01d55c2d2dc62b6898ccdc538ffdf8ea19cf05
SSDEEP

49152:W5O9JB/DqZqs3LKrJrFM6s3cp8IP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:DBDqD3LKrJhZsMp8Igg3gnl/IVUs1jek

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1152	d6750cb03545797c0070dfdeeac8c25a.exe

Executes dropped EXE 1 IoCs

pid	Process
1152	d6750cb03545797c0070dfdeeac8c25a.exe

Loads dropped DLL 1 IoCs

pid	Process
2004	d6750cb03545797c0070dfdeeac8c25a.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2004-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000122dd-10.dat	upx
behavioral1/files/0x000c0000000122dd-13.dat	upx
behavioral1/memory/2004-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp	upx
behavioral1/files/0x000c0000000122dd-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2004	d6750cb03545797c0070dfdeeac8c25a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2004	d6750cb03545797c0070dfdeeac8c25a.exe
1152	d6750cb03545797c0070dfdeeac8c25a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 1152	2004	d6750cb03545797c0070dfdeeac8c25a.exe	28
PID 2004 wrote to memory of 1152	2004	d6750cb03545797c0070dfdeeac8c25a.exe	28
PID 2004 wrote to memory of 1152	2004	d6750cb03545797c0070dfdeeac8c25a.exe	28
PID 2004 wrote to memory of 1152	2004	d6750cb03545797c0070dfdeeac8c25a.exe	28

C:\Users\Admin\AppData\Local\Temp\d6750cb03545797c0070dfdeeac8c25a.exe
"C:\Users\Admin\AppData\Local\Temp\d6750cb03545797c0070dfdeeac8c25a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Local\Temp\d6750cb03545797c0070dfdeeac8c25a.exe
  C:\Users\Admin\AppData\Local\Temp\d6750cb03545797c0070dfdeeac8c25a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d6750cb03545797c0070dfdeeac8c25a.exe

Filesize
2.2MB

MD5
6607c64c2b8215c1be61300a0c4c71c6

SHA1
a5b691eb0149ab29c1009965bfe05e6da2694d1a

SHA256
a7aff0d0167fcedf056a9bb647c0b19215cdc36ebaa1c51ff7a1cc8bbe72c862

SHA512
33509c6aea0b58d13308937a80900b6d5cd7ac7de064c4f35b2dc4d470a706451de21f08ca3871f99838e7732699851138fc9c1359f0aca5cfca822d66424b90

Download Submit
C:\Users\Admin\AppData\Local\Temp\d6750cb03545797c0070dfdeeac8c25a.exe

Filesize
2.8MB

MD5
584a8ac30a73423e8286f297a47dfbf6

SHA1
37db8f27ac3ac1611bf5c56c0fed68e5712aba9e

SHA256
899a0d4b944d3ffec04a748277b201dcda12c6c8e7b3ad3b969c5b786a496369

SHA512
1c30ad349e179ed6dd08ec82cda23af9ca5cef60905b21dfcfeeb8b413e08cbe7ae6c5e2a944884e9f7bce6ba2116636a720a97904e97726a20b035a42646abc

Download Submit
\Users\Admin\AppData\Local\Temp\d6750cb03545797c0070dfdeeac8c25a.exe

Filesize
2.9MB

MD5
f6d127d5da3cf0d5d2dd6eb676c082a9

SHA1
691b1cdd16d983bc4aa19a696b1dfdd1f7fb5f99

SHA256
80e5135422f4e0fc4282c86b85d85ef79838bd64a3f32c8b8af658e31b7eb470

SHA512
ac608d41bfe8c21fd93e54b31461abcd147eb962e8b1ddbf2ac774a11b6cade0987e6baf253b315940f99cbe71f514c2a86fccfa4ffe4a8f587caaa7aba8af8c

Download Submit
memory/1152-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1152-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1152-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1152-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1152-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1152-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2004-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2004-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2004-14-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2004-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2004-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download