0c223a04a3eeb288383eeed66e45421adc6e0537eed7acb6e5d9468b2647b2a8

Analysis

max time kernel
118s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de18205d811fcbe6158e492e1e76cc00.exe
Size

2.9MB
MD5

de18205d811fcbe6158e492e1e76cc00
SHA1

2e3711e2f3be38a6e2e7d552eab15f1b370f0c06
SHA256

0c223a04a3eeb288383eeed66e45421adc6e0537eed7acb6e5d9468b2647b2a8
SHA512

e5bb3e5d007792065c9a2fe7e705ba665e44ac7d30b143966022aa52296f906c647a9def2693a632c41afedf827b71cd5a30b8c4fc83ced55db2b9c656984c06
SSDEEP

49152:lICmgFsYbAUOKRGcx23Bn3jBSiD3a9Eh8jmq9s8VAB+PeB6tbKiw8Vdb6X:lICm/YbAKRGcx23Llh8jNtlmYt+4o

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2840	de18205d811fcbe6158e492e1e76cc00.exe

Executes dropped EXE 1 IoCs

pid	Process
2840	de18205d811fcbe6158e492e1e76cc00.exe

Loads dropped DLL 1 IoCs

pid	Process
2180	de18205d811fcbe6158e492e1e76cc00.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2180-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000e000000012110-10.dat	upx
behavioral1/files/0x000e000000012110-12.dat	upx
behavioral1/files/0x000e000000012110-13.dat	upx
behavioral1/memory/2840-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2180	de18205d811fcbe6158e492e1e76cc00.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2180	de18205d811fcbe6158e492e1e76cc00.exe
2840	de18205d811fcbe6158e492e1e76cc00.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2840	2180	de18205d811fcbe6158e492e1e76cc00.exe	28
PID 2180 wrote to memory of 2840	2180	de18205d811fcbe6158e492e1e76cc00.exe	28
PID 2180 wrote to memory of 2840	2180	de18205d811fcbe6158e492e1e76cc00.exe	28
PID 2180 wrote to memory of 2840	2180	de18205d811fcbe6158e492e1e76cc00.exe	28

C:\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe
"C:\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe
  C:\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe

Filesize
1.8MB

MD5
1066db259e82979b6b191fa7cb153245

SHA1
4d4f8c8297ae7e0eb4737e687df808a4fb4fbaa3

SHA256
cdfb5770c65c27593ead1ad847cbaa09565a7d4025fb9a9969d6cb6a37159762

SHA512
c325ef40c08de1880ee636b87616845b93f73ae3d5309d59e43d65675f13a6e08f7c0f30f4b0b50f9e27efd8a3ccdea61902bada4db54cf6e92e03516697e005

Download Submit
C:\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe

Filesize
1.9MB

MD5
e969ca2b76745aa72685ce731572db71

SHA1
c6608b3678464fe6a35c143b2389ee9800809e6b

SHA256
1f38617fe319fcfd6fbaff023e643fb7b4436c33f6d3e7d6409c308aed2991b3

SHA512
06ad3858ceb7b6bd04a3892ef187e491564b21b301d73ea68a337a616e871b7a665bf33b5592336eec32c86ae74abb580f65b0f17cee5ceca4fcd253fe7632ed

Download Submit
\Users\Admin\AppData\Local\Temp\de18205d811fcbe6158e492e1e76cc00.exe

Filesize
1.8MB

MD5
9c1008e7461369bbd38c16895f9447a3

SHA1
ecd5869980e24a72722a066d389d19a04b7b7b24

SHA256
82a7a96d06a44ca67fbe7d645f6a1fe9fa27361819ee321c39c2dc7ba27dea41

SHA512
183ddc83fccce73dd1b1b945f9a400717ad6f3443bf7a4643389b7891321aed4482cee81b971082593703cc7b6d5fb6089cf994cbc846990a39f710d1dc8f2b8

Download Submit
memory/2180-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2180-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2180-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2180-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2840-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2840-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2840-22-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2840-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2840-16-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2840-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download