6aefff1c302345da2d7f5f3968362c6c81d9d0b5488f96b884fbf91819b13359

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

debe4ceb4a7130aa9167feb43bbccf64.exe
Size

1.5MB
MD5

debe4ceb4a7130aa9167feb43bbccf64
SHA1

60747ac999d5da3096d3216e72727922acf22231
SHA256

6aefff1c302345da2d7f5f3968362c6c81d9d0b5488f96b884fbf91819b13359
SHA512

69f869519f5d3da10800b6a35e7d03ef9f3505760a20e0a57a71964e8f27d0a88ca1f3b254274ad13563eee6db83e8b847b98e606d5536b8d3094ec129ec172d
SSDEEP

24576:ZuOD2kj5kczo5nW8QynR1QVr1wiYE6TOfQS1WNncIDpzW:VjC9dyyTBiYE6Te1ic2

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2632	debe4ceb4a7130aa9167feb43bbccf64.exe

Executes dropped EXE 1 IoCs

pid	Process
2632	debe4ceb4a7130aa9167feb43bbccf64.exe

Loads dropped DLL 1 IoCs

pid	Process
2184	debe4ceb4a7130aa9167feb43bbccf64.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2184-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000e00000001225e-10.dat	upx
behavioral1/memory/2184-12-0x0000000003520000-0x0000000003A0F000-memory.dmp	upx
behavioral1/files/0x000e00000001225e-15.dat	upx
behavioral1/memory/2632-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2184	debe4ceb4a7130aa9167feb43bbccf64.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2184	debe4ceb4a7130aa9167feb43bbccf64.exe
2632	debe4ceb4a7130aa9167feb43bbccf64.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2632	2184	debe4ceb4a7130aa9167feb43bbccf64.exe	28
PID 2184 wrote to memory of 2632	2184	debe4ceb4a7130aa9167feb43bbccf64.exe	28
PID 2184 wrote to memory of 2632	2184	debe4ceb4a7130aa9167feb43bbccf64.exe	28
PID 2184 wrote to memory of 2632	2184	debe4ceb4a7130aa9167feb43bbccf64.exe	28

C:\Users\Admin\AppData\Local\Temp\debe4ceb4a7130aa9167feb43bbccf64.exe
"C:\Users\Admin\AppData\Local\Temp\debe4ceb4a7130aa9167feb43bbccf64.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\debe4ceb4a7130aa9167feb43bbccf64.exe
  C:\Users\Admin\AppData\Local\Temp\debe4ceb4a7130aa9167feb43bbccf64.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\debe4ceb4a7130aa9167feb43bbccf64.exe

Filesize
1.5MB

MD5
21761165bfbf24dbe3e5f3e7a118cd9d

SHA1
66c27f5a88dc92320841ee24e0bd5104d276922b

SHA256
fc17e37470f7e46d87d89696b0107781be25893aed7f74dd923df31542a65d37

SHA512
3d87649a15c41674aa5875721453129441bc7d3782ba513ba9539c8a84193dc8315eb3f8c66303b36bc351810aeddee4f92143228d46fbb6f8e40503f655d808

Download Submit
\Users\Admin\AppData\Local\Temp\debe4ceb4a7130aa9167feb43bbccf64.exe

Filesize
1.3MB

MD5
ad2c4078b49f93eedf09d2b5685f6768

SHA1
db79b956af636b4988eea18048b7cd15afb01dc6

SHA256
8d8496fdb75f98fb7a3bf88a16f2cc13f1db6a4cd621488b06a6978c687be3b6

SHA512
bd22c6b9d8e6f6cbfc837067b0000f33b60fe773a550c8c45d3cebf40a90d11d9c417ff430219ad8595ede25e3ed2995164b3b651e190eb1c5eb35249129d8f3

Download Submit
memory/2184-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2184-1-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2184-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2184-12-0x0000000003520000-0x0000000003A0F000-memory.dmp

Filesize
4.9MB

Download
memory/2184-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2632-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2632-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2632-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2632-23-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2632-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2632-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download