15b47e13d9490ccdc1a08bf2fa34e592e4f8c6e97eb93ef0a0b35721d8b93dac

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df67eb17f093970734813496601db806.exe
Size

2.7MB
MD5

df67eb17f093970734813496601db806
SHA1

3b7e06e2fdeb7f969d62fdb18decc72535af0ea0
SHA256

15b47e13d9490ccdc1a08bf2fa34e592e4f8c6e97eb93ef0a0b35721d8b93dac
SHA512

c0494ad1396195ecfd18ee65f5135c4f18892accee224432a69f5f9f7afb85e86dcebbbf4a5c5bbcd4321e12e45880972438fb175e203e2092bb9ae37774776f
SSDEEP

49152:u3WxOP/4X6ixg8wOGcFWkG9FoQ1lhR82y8QOWa1dVQ7pp:u3/4qixg8wUAkKFxffyk/1dS9p

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2116	df67eb17f093970734813496601db806.exe

Executes dropped EXE 1 IoCs

pid	Process
2116	df67eb17f093970734813496601db806.exe

Loads dropped DLL 1 IoCs

pid	Process
1928	df67eb17f093970734813496601db806.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1928-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001224c-10.dat	upx
behavioral1/memory/1928-14-0x0000000003770000-0x0000000003C5F000-memory.dmp	upx
behavioral1/files/0x000b00000001224c-13.dat	upx
behavioral1/memory/2116-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1928	df67eb17f093970734813496601db806.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1928	df67eb17f093970734813496601db806.exe
2116	df67eb17f093970734813496601db806.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2116	1928	df67eb17f093970734813496601db806.exe	28
PID 1928 wrote to memory of 2116	1928	df67eb17f093970734813496601db806.exe	28
PID 1928 wrote to memory of 2116	1928	df67eb17f093970734813496601db806.exe	28
PID 1928 wrote to memory of 2116	1928	df67eb17f093970734813496601db806.exe	28

C:\Users\Admin\AppData\Local\Temp\df67eb17f093970734813496601db806.exe
"C:\Users\Admin\AppData\Local\Temp\df67eb17f093970734813496601db806.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Users\Admin\AppData\Local\Temp\df67eb17f093970734813496601db806.exe
  C:\Users\Admin\AppData\Local\Temp\df67eb17f093970734813496601db806.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\df67eb17f093970734813496601db806.exe

Filesize
1.3MB

MD5
1af0780d408896dec2628d7b4273e851

SHA1
9fbc858f769997d2b3945f8000542a955e94bc25

SHA256
98203da159731c623cec4e5452633a07a08100a87d3e443d5c68fc82fd6da82f

SHA512
fe3a44abe0a4938564a505fca2b8877fd5fe889dcf6271ee1da8491c107f8320ddaa820c73e0df3cb4fe63856a5f87dbae00f36ff883452f37dda926fcb48e2b

Download Submit
\Users\Admin\AppData\Local\Temp\df67eb17f093970734813496601db806.exe

Filesize
1.8MB

MD5
790bdb308c2f1effda664d8399247484

SHA1
09d9bafa6e7276e4780eabb7f12d77c241c7c0fd

SHA256
73481db342836beecd55498b1846c5a605df7fbb6a93e409d70b8208293d3bbe

SHA512
95312b64a99bacadf2ea432fbdf91485a15186aefce2b666c8954ed7ae13c7584c2a9dc46b90b575e118db0976e4ea1a565c46a32ae08fab0cc2b9df799d5c12

Download Submit
memory/1928-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1928-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1928-14-0x0000000003770000-0x0000000003C5F000-memory.dmp

Filesize
4.9MB

Download
memory/1928-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1928-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2116-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2116-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2116-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2116-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2116-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2116-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download