82e0c069c5cecf4c467fe546dc0f0afa8f7dad258afada96b9e64d1ebeb5b8df

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 12:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1b766ed00de414ba2529222c5215208.exe
Size

5.3MB
MD5

e1b766ed00de414ba2529222c5215208
SHA1

6e9f800788cdd96e684badd6edcd7405c646afaf
SHA256

82e0c069c5cecf4c467fe546dc0f0afa8f7dad258afada96b9e64d1ebeb5b8df
SHA512

fb9392a7ac5fb2418fff3bdb11777cf099c13e5c3aca3d6279a53e6cee3042f8cbcd677c2503a07101265f8bea82de72c1646707f071cde18dff9b1969131c66
SSDEEP

98304:WTSZST0xllEjwDTP0r2hUedIod96yQllEjwDTP0r2hUe:qSZSgaUiLeyaUiLe

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2452	e1b766ed00de414ba2529222c5215208.exe

Executes dropped EXE 1 IoCs

pid	Process
2452	e1b766ed00de414ba2529222c5215208.exe

Loads dropped DLL 1 IoCs

pid	Process
2248	e1b766ed00de414ba2529222c5215208.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2248-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0008000000012240-15.dat	upx
behavioral1/files/0x0008000000012240-13.dat	upx
behavioral1/files/0x0008000000012240-11.dat	upx
behavioral1/memory/2452-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2248	e1b766ed00de414ba2529222c5215208.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2248	e1b766ed00de414ba2529222c5215208.exe
2452	e1b766ed00de414ba2529222c5215208.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2452	2248	e1b766ed00de414ba2529222c5215208.exe	28
PID 2248 wrote to memory of 2452	2248	e1b766ed00de414ba2529222c5215208.exe	28
PID 2248 wrote to memory of 2452	2248	e1b766ed00de414ba2529222c5215208.exe	28
PID 2248 wrote to memory of 2452	2248	e1b766ed00de414ba2529222c5215208.exe	28

C:\Users\Admin\AppData\Local\Temp\e1b766ed00de414ba2529222c5215208.exe
"C:\Users\Admin\AppData\Local\Temp\e1b766ed00de414ba2529222c5215208.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\e1b766ed00de414ba2529222c5215208.exe
  C:\Users\Admin\AppData\Local\Temp\e1b766ed00de414ba2529222c5215208.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e1b766ed00de414ba2529222c5215208.exe

Filesize
2.5MB

MD5
39d804f42d49eab14aacee80b4bbc189

SHA1
e6a05497f9ffc9c107bdfc2c11928b1476f840f0

SHA256
5e2f24d9a756bb6965266f348036198d474ef56fecdbc49d2b6d2bb6e4fc6540

SHA512
e7f09efa3c74fce407e4758371628d2b84a25ac338e4db435af9631bbac1d0dc4dab97243d3c6b212b7cb2bebac34d926474d2e643b62c869997a09886c765ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\e1b766ed00de414ba2529222c5215208.exe

Filesize
3.8MB

MD5
ab4ce5f5af40a8c7f9b47d6201e52235

SHA1
42a4a16f16d9d42e766a962020a9aa297ef43f17

SHA256
5e76937ab359471fee26c327221e31f3de842da87053dec1de21c3e141aa82cb

SHA512
3c8acede23004811f4548a1973cf2feaefceaf577d243ff77ed67f880d38e9fee3b93161cd42c880312f9e88394ef79b56b0fd7ab1e1d8d29185d341b1f19625

Download Submit
\Users\Admin\AppData\Local\Temp\e1b766ed00de414ba2529222c5215208.exe

Filesize
4.4MB

MD5
226ed1fc517c2f7df58129d49dc79e60

SHA1
51fc776625442e37cf370b1518389c7871e4afcf

SHA256
acde4a764cd2f5020ba03bd0fbafe4d4a81023a03d33b2661dc7f4ba9cdb0449

SHA512
107c146113502df7eaebd658ff9dd7cff789b808e6f801f1967d398d11f9f1dba37c7478bdbbb0de1a2fe25c65660bf96385b6a44e762365b97d777fb3add014

Download Submit
memory/2248-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2248-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2248-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2248-2-0x0000000000250000-0x0000000000362000-memory.dmp

Filesize
1.1MB

Download
memory/2248-16-0x0000000003E70000-0x00000000042DA000-memory.dmp

Filesize
4.4MB

Download
memory/2248-26-0x0000000003E70000-0x00000000042DA000-memory.dmp

Filesize
4.4MB

Download
memory/2452-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2452-18-0x0000000000270000-0x0000000000382000-memory.dmp

Filesize
1.1MB

Download
memory/2452-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2452-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download