Analysis
max time kernel: 14s
max time network: 18s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 10/05/2024, 20:15

Behavioral task: behavioral1
Sample: UA.exe
Resource: win7-20240215-en
General
Target: UA.exe
Size: 21.9MB
MD5: eaf9d126913ad50556da89a1bff1dafb
SHA1: 424c14a7a295491d6a50d52df4e21f15dfbee06a
SHA256: da5f2100cae245b6bd2ba882b06b00dae5b209082638327d4b9882b51b7da99b
SHA512: 22ae574e87fd9301cdfc62f029d0f13538d592d50b2be83bdb66f1486d86c8d5b345c412ec4694cacb2db8fc7f7cbcc3766598fb3eccf186af72d2fad0650f63
SSDEEP: 393216:Dv9Yum5QaN9qh2Jp5M+6PDR/qobcZc0FDmPZmCeq1:L9YuKQoqhnDcobQcmDmRB
Malware Config
Signatures

Loads dropped DLL (7 IoCs)
pid   Process
1576  UA.exe
1576  UA.exe
1576  UA.exe
1576  UA.exe
1576  UA.exe
1576  UA.exe
1576  UA.exe

resource                                                                      yara_rule
behavioral1/files/0x000500000001c893-163.dat                                  upx
behavioral1/memory/1576-165-0x000007FEF6070000-0x000007FEF64F1000-memory.dmp  upx

Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   Process  procid_target
PID 1656 wrote to memory of 1576   1656  UA.exe   28
PID 1656 wrote to memory of 1576   1656  UA.exe   28
PID 1656 wrote to memory of 1576   1656  UA.exe   28
Processes
Network
MITRE ATT&CK Matrix
Downloads