c9cb9c196105edb12c5c67e46dad896953159abe3e9fce43ee79aa2d1abc3789

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 03:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0b0b7d27833fc7b755a77fa58265bf9.exe
Size

5.3MB
MD5

e0b0b7d27833fc7b755a77fa58265bf9
SHA1

fa7f4ce04e86527235ee1d7777b5aac594870985
SHA256

c9cb9c196105edb12c5c67e46dad896953159abe3e9fce43ee79aa2d1abc3789
SHA512

69c45b1b504b0bebf0a18d228f33b584606fe57efce36a8f7d5d4311ca7cb9fe3e78473efd6d69d42786ae6d8a43c526f8b0de763635b902f2327ee28c85e235
SSDEEP

98304:/KN8N5rcFRD6SI4HBUCczzMHBCppAakYacXRH7V774HBUCczzMO:yXWC1C3AUacXRHJUWCq

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2968	e0b0b7d27833fc7b755a77fa58265bf9.exe

Executes dropped EXE 1 IoCs

pid	Process
2968	e0b0b7d27833fc7b755a77fa58265bf9.exe

Loads dropped DLL 1 IoCs

pid	Process
1132	e0b0b7d27833fc7b755a77fa58265bf9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1132-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012266-10.dat	upx
behavioral1/files/0x0009000000012266-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1132	e0b0b7d27833fc7b755a77fa58265bf9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1132	e0b0b7d27833fc7b755a77fa58265bf9.exe
2968	e0b0b7d27833fc7b755a77fa58265bf9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 2968	1132	e0b0b7d27833fc7b755a77fa58265bf9.exe	28
PID 1132 wrote to memory of 2968	1132	e0b0b7d27833fc7b755a77fa58265bf9.exe	28
PID 1132 wrote to memory of 2968	1132	e0b0b7d27833fc7b755a77fa58265bf9.exe	28
PID 1132 wrote to memory of 2968	1132	e0b0b7d27833fc7b755a77fa58265bf9.exe	28

C:\Users\Admin\AppData\Local\Temp\e0b0b7d27833fc7b755a77fa58265bf9.exe
"C:\Users\Admin\AppData\Local\Temp\e0b0b7d27833fc7b755a77fa58265bf9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Users\Admin\AppData\Local\Temp\e0b0b7d27833fc7b755a77fa58265bf9.exe
  C:\Users\Admin\AppData\Local\Temp\e0b0b7d27833fc7b755a77fa58265bf9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e0b0b7d27833fc7b755a77fa58265bf9.exe

Filesize
5.3MB

MD5
c75f7ae456ee63cbc49bfa96e542ffb0

SHA1
343717f2033bef20294526e21c082aab9e4b9f4e

SHA256
a0c51cb71fdb8cd35c84b3fc8587fad1f75fc5a7b3e255cc6c08ead0a57f158d

SHA512
1e1569badbca895146e9dba827d2ba8db76d2c943fa687f05bc36f19461cfa2edef71201b887c0dda35826a17b1518bedf3774857e387480d73c2210ddf71d0d

Download Submit
\Users\Admin\AppData\Local\Temp\e0b0b7d27833fc7b755a77fa58265bf9.exe

Filesize
5.1MB

MD5
3c6bd988556bdb3526d9a8979f87d3df

SHA1
fcb9fdcb6c8fd31ed68c506abc10b85bae295b4f

SHA256
d9b8f5ac77c7702089e013bbad3db7ba100d9963f19232b11cd40f304750ff46

SHA512
5f62b5c3dbecfc2b19dde4093c7f996596f7f9a6fe6bdde74fc6edfc5ddaba77b74f27aa5e62da068177a1e423dfc892ee55fe0d9c9b47fef0dd2f89664fd19b

Download Submit
memory/1132-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1132-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1132-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1132-15-0x0000000003CD0000-0x00000000041BF000-memory.dmp

Filesize
4.9MB

Download
memory/1132-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1132-31-0x0000000003CD0000-0x00000000041BF000-memory.dmp

Filesize
4.9MB

Download
memory/2968-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2968-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2968-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2968-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2968-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2968-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download