e58e0c933976e97b5aa6d317215583d4dddce6d589a217431968c85ba098cd08

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e212f1f8833a97c7879e6652384827d8.exe
Size

1.3MB
MD5

e212f1f8833a97c7879e6652384827d8
SHA1

23f6439896193cf334b0b4efb4c9548441edef9d
SHA256

e58e0c933976e97b5aa6d317215583d4dddce6d589a217431968c85ba098cd08
SHA512

99b672f4ec8ced0193c405869b42542cd7039647eec04b96f0a86276fa741495770cce9339c7fa930da576b51932eaa2a6dacacf9f1b06886dbf20df37265755
SSDEEP

24576:pinaNbTVjJ4HQm6nRZ6rkxtQtEcJikWSNjs9Txaq9vtMpEBBEU9/9Us:pOaNxJ4HtwxcVikWqwY8BjR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1684	e212f1f8833a97c7879e6652384827d8.exe

Executes dropped EXE 1 IoCs

pid	Process
1684	e212f1f8833a97c7879e6652384827d8.exe

Loads dropped DLL 1 IoCs

pid	Process
2656	e212f1f8833a97c7879e6652384827d8.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2656-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000d00000001224c-10.dat	upx
behavioral1/files/0x000d00000001224c-14.dat	upx
behavioral1/memory/1684-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2656	e212f1f8833a97c7879e6652384827d8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2656	e212f1f8833a97c7879e6652384827d8.exe
1684	e212f1f8833a97c7879e6652384827d8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 1684	2656	e212f1f8833a97c7879e6652384827d8.exe	28
PID 2656 wrote to memory of 1684	2656	e212f1f8833a97c7879e6652384827d8.exe	28
PID 2656 wrote to memory of 1684	2656	e212f1f8833a97c7879e6652384827d8.exe	28
PID 2656 wrote to memory of 1684	2656	e212f1f8833a97c7879e6652384827d8.exe	28

C:\Users\Admin\AppData\Local\Temp\e212f1f8833a97c7879e6652384827d8.exe
"C:\Users\Admin\AppData\Local\Temp\e212f1f8833a97c7879e6652384827d8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\e212f1f8833a97c7879e6652384827d8.exe
  C:\Users\Admin\AppData\Local\Temp\e212f1f8833a97c7879e6652384827d8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\e212f1f8833a97c7879e6652384827d8.exe

Filesize
1.2MB

MD5
2a26b8d13371c766976acce9d14b44bb

SHA1
f593809b5449169a5dcc7c1062dc41bbd73f2c9c

SHA256
92eba3f638a4ee79ac234cf43cc1aee9b1f4f5939063dcd9ac2df7780357cf7c

SHA512
25056a31cc08f16a1632d26d2af79866f85894f85447dfb4cb6ec6245ecfa875dde5afb25f3876307fbeb6796551e9596a3fd1cf474ee5c7b0d1a54a06a38586

Download Submit
\Users\Admin\AppData\Local\Temp\e212f1f8833a97c7879e6652384827d8.exe

Filesize
1.3MB

MD5
33d05f68b1209e12ef13e8e9f3f95882

SHA1
e1b0ccda4c0102f3d7a15ed49271aecbc28bb09b

SHA256
177a5d9719dabc5577bdd932887b466a7dc3fa0d912b04729a1ec23dc2d95f4b

SHA512
dc3072bc723ecd7cd3eb2dbcca2fe5e509565326b95e49ec2eb8464746ccfe419817fff0d310754e2c73802817f168e908e9cd3455470c288e963973b7d6c7b5

Download Submit
memory/1684-18-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/1684-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1684-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1684-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1684-24-0x00000000033E0000-0x0000000003602000-memory.dmp

Filesize
2.1MB

Download
memory/1684-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2656-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2656-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2656-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2656-15-0x00000000034D0000-0x00000000039B7000-memory.dmp

Filesize
4.9MB

Download
memory/2656-1-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2656-31-0x00000000034D0000-0x00000000039B7000-memory.dmp

Filesize
4.9MB

Download