c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7

Analysis

max time kernel
17s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 04:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe
Size

1.0MB
MD5

44acc6fdf90e99c6e41cad63d090833a
SHA1

216b76a268a8523f082a242b1f416eb636d208c4
SHA256

c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7
SHA512

b4ffd68857dd634fa9f02fe1642dbe738a70f13b19b79b4e2c31c2ac35f19a44ef5d08e1a92e7399e31ea76ea8afeb2d68a95d04a4e1d8e1b591e824a39f58cf
SSDEEP

24576:p6lbpW/x+rEPW75iM/rW9MKzptRHOjMqlAjuSyoEWjH5Ws:pD/x+rNliMjWxzlHOACA3hb5Ws

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1952	Youbak_MSN_PARTNER2036.exe
1900	Youbak_MSN_PARTNER2036.tmp

Loads dropped DLL 4 IoCs

pid	Process
316	cmd.exe
1952	Youbak_MSN_PARTNER2036.exe
1900	Youbak_MSN_PARTNER2036.tmp
1900	Youbak_MSN_PARTNER2036.tmp

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 304 wrote to memory of 316	304	c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe	27
PID 304 wrote to memory of 316	304	c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe	27
PID 304 wrote to memory of 316	304	c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe	27
PID 304 wrote to memory of 316	304	c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe	27
PID 316 wrote to memory of 1952	316	cmd.exe	29
PID 316 wrote to memory of 1952	316	cmd.exe	29
PID 316 wrote to memory of 1952	316	cmd.exe	29
PID 316 wrote to memory of 1952	316	cmd.exe	29
PID 1952 wrote to memory of 1900	1952	Youbak_MSN_PARTNER2036.exe	30
PID 1952 wrote to memory of 1900	1952	Youbak_MSN_PARTNER2036.exe	30
PID 1952 wrote to memory of 1900	1952	Youbak_MSN_PARTNER2036.exe	30
PID 1952 wrote to memory of 1900	1952	Youbak_MSN_PARTNER2036.exe	30
PID 1952 wrote to memory of 1900	1952	Youbak_MSN_PARTNER2036.exe	30
PID 1952 wrote to memory of 1900	1952	Youbak_MSN_PARTNER2036.exe	30
PID 1952 wrote to memory of 1900	1952	Youbak_MSN_PARTNER2036.exe	30

C:\Users\Admin\AppData\Local\Temp\c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe
"C:\Users\Admin\AppData\Local\Temp\c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:304
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\~70FC.bat "C:\Users\Admin\AppData\Local\Temp\c486f613575aa5bb207020b3af6d5dd012496749ad80c0a720c7d324bc416bd7.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:316
- - C:\Users\Admin\AppData\Local\Youbak_MSN_PARTNER2036.exe
    "C:\Users\Admin\AppData\Local\Youbak_MSN_PARTNER2036.exe" /VERYSILENT /SP- /NORESTART
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\is-94BLI.tmp\Youbak_MSN_PARTNER2036.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-94BLI.tmp\Youbak_MSN_PARTNER2036.tmp" /SL5="$50120,737659,54272,C:\Users\Admin\AppData\Local\Youbak_MSN_PARTNER2036.exe" /VERYSILENT /SP- /NORESTART
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-94BLI.tmp\Youbak_MSN_PARTNER2036.tmp

Filesize
694KB

MD5
29bb632f057f068130e8a7877781a05d

SHA1
10060581eb95e61d6ac8176f692a2ae251149b32

SHA256
13065ec81bfdf70d1074f8fb90f6eaecae531b76e71ba1542f3cefc41a9e29c1

SHA512
0b66548ea8690d755566054f42a3886ac983f8402afd8ff27923f092a71c8404e16add8393d314ea056698f51ab0f3260c882c1447b35f73b1830458e70fd405

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-94BLI.tmp\Youbak_MSN_PARTNER2036.tmp

Filesize
694KB

MD5
29bb632f057f068130e8a7877781a05d

SHA1
10060581eb95e61d6ac8176f692a2ae251149b32

SHA256
13065ec81bfdf70d1074f8fb90f6eaecae531b76e71ba1542f3cefc41a9e29c1

SHA512
0b66548ea8690d755566054f42a3886ac983f8402afd8ff27923f092a71c8404e16add8393d314ea056698f51ab0f3260c882c1447b35f73b1830458e70fd405

Download Submit
C:\Users\Admin\AppData\Local\Temp\~70FC.bat

Filesize
78B

MD5
e179b6abdfffabcbaac2bcfa5f0ac4ff

SHA1
a2f6350ca96633ac247ae590e9d7177fd0e51755

SHA256
2d7ef0eb1abe131d817f79a38a0ed6ba96904df002f6864ff81deb595f9dfc48

SHA512
4b299029d984a133433b5494d44e80ad38dc56d2380ecdcad531e32f19237beab1b97f279c6b1f963806f08da1f8523db50e039addc2ffda5738ac68736ccf85

Download Submit
C:\Users\Admin\AppData\Local\Youbak_MSN_PARTNER2036.exe

Filesize
989KB

MD5
d88681c275fd71f42ccaee06e5901fc9

SHA1
3f051192a4ea9722d139cea2e7d7aef860880253

SHA256
980e63c8f1c312d3dda44b1fc79cc937357a36c585fcda7c51a433e36f1600a5

SHA512
f096de74e29554d8960803f272d5c8cd37304d5fcc55d54287d0bd24901c6bf6cf9ca0b33f4d3ee96cdce5fab50248abe9332e5eb47066eb32ee5102737d2d86

Download Submit
C:\Users\Admin\AppData\Local\Youbak_MSN_PARTNER2036.exe

Filesize
989KB

MD5
d88681c275fd71f42ccaee06e5901fc9

SHA1
3f051192a4ea9722d139cea2e7d7aef860880253

SHA256
980e63c8f1c312d3dda44b1fc79cc937357a36c585fcda7c51a433e36f1600a5

SHA512
f096de74e29554d8960803f272d5c8cd37304d5fcc55d54287d0bd24901c6bf6cf9ca0b33f4d3ee96cdce5fab50248abe9332e5eb47066eb32ee5102737d2d86

Download Submit
\Users\Admin\AppData\Local\Temp\is-2I4BV.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-2I4BV.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-94BLI.tmp\Youbak_MSN_PARTNER2036.tmp

Filesize
694KB

MD5
29bb632f057f068130e8a7877781a05d

SHA1
10060581eb95e61d6ac8176f692a2ae251149b32

SHA256
13065ec81bfdf70d1074f8fb90f6eaecae531b76e71ba1542f3cefc41a9e29c1

SHA512
0b66548ea8690d755566054f42a3886ac983f8402afd8ff27923f092a71c8404e16add8393d314ea056698f51ab0f3260c882c1447b35f73b1830458e70fd405

Download Submit
\Users\Admin\AppData\Local\Youbak_MSN_PARTNER2036.exe

Filesize
989KB

MD5
d88681c275fd71f42ccaee06e5901fc9

SHA1
3f051192a4ea9722d139cea2e7d7aef860880253

SHA256
980e63c8f1c312d3dda44b1fc79cc937357a36c585fcda7c51a433e36f1600a5

SHA512
f096de74e29554d8960803f272d5c8cd37304d5fcc55d54287d0bd24901c6bf6cf9ca0b33f4d3ee96cdce5fab50248abe9332e5eb47066eb32ee5102737d2d86

Download Submit
memory/304-54-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download
memory/1952-62-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1952-71-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads