267e043bc214de8278fdc2b49d3d1427a382c2f12a13c42f4389da32b5a1a589

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dec92046a3aa28d0e0f7ecf7bbe2acc1.exe
Size

2.9MB
MD5

dec92046a3aa28d0e0f7ecf7bbe2acc1
SHA1

d5531ad9a3d5bd24c9923477d70b5969e64d6611
SHA256

267e043bc214de8278fdc2b49d3d1427a382c2f12a13c42f4389da32b5a1a589
SHA512

40b2790ee125e608fdcf35a2ab996af60eeafd2e4624b227fe2e6a2f5263bf01329cabe2dd6fd3760b1961d8f9f2ad827a3317383c93df3246f005c6e98bd891
SSDEEP

49152:yGrbEiE1QECdjMJ6V7ola9MSnCQIFP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:fFE1QbjMJqpxVIFgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2332	dec92046a3aa28d0e0f7ecf7bbe2acc1.exe

Executes dropped EXE 1 IoCs

pid	Process
2332	dec92046a3aa28d0e0f7ecf7bbe2acc1.exe

Loads dropped DLL 1 IoCs

pid	Process
1924	dec92046a3aa28d0e0f7ecf7bbe2acc1.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1924-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0010000000012248-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1924	dec92046a3aa28d0e0f7ecf7bbe2acc1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1924	dec92046a3aa28d0e0f7ecf7bbe2acc1.exe
2332	dec92046a3aa28d0e0f7ecf7bbe2acc1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2332	1924	dec92046a3aa28d0e0f7ecf7bbe2acc1.exe	28
PID 1924 wrote to memory of 2332	1924	dec92046a3aa28d0e0f7ecf7bbe2acc1.exe	28
PID 1924 wrote to memory of 2332	1924	dec92046a3aa28d0e0f7ecf7bbe2acc1.exe	28
PID 1924 wrote to memory of 2332	1924	dec92046a3aa28d0e0f7ecf7bbe2acc1.exe	28

C:\Users\Admin\AppData\Local\Temp\dec92046a3aa28d0e0f7ecf7bbe2acc1.exe
"C:\Users\Admin\AppData\Local\Temp\dec92046a3aa28d0e0f7ecf7bbe2acc1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Local\Temp\dec92046a3aa28d0e0f7ecf7bbe2acc1.exe
  C:\Users\Admin\AppData\Local\Temp\dec92046a3aa28d0e0f7ecf7bbe2acc1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dec92046a3aa28d0e0f7ecf7bbe2acc1.exe

Filesize
2.9MB

MD5
974057b328fdfc6679e23c46ecb0f126

SHA1
89303e6ef013c8e46aebaade985bae2f64f1d2b9

SHA256
3854811e3f4b7c84bab803a1ad8442329e69439d5989fdc3f024276c41d944de

SHA512
fd3844f4250696a08b174d6662457ec466e168101d626dbf7efbe6f9bc7b1629d725b539ca4e2a0b04caedf68b2c3d4983461f25cb69a7888a0ca4a83663f73c

Download Submit
memory/1924-14-0x00000000038B0000-0x0000000003D9F000-memory.dmp

Filesize
4.9MB

Download
memory/1924-3-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/1924-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1924-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1924-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1924-31-0x00000000038B0000-0x0000000003D9F000-memory.dmp

Filesize
4.9MB

Download
memory/2332-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2332-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2332-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2332-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download