9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124

Analysis

max time kernel
39s
max time network
101s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe
Size

569KB
MD5

79e0f131854c92dd268dfee059b841fd
SHA1

b46692c40c7618282e5ecbf4bf2de9328233bfdb
SHA256

9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124
SHA512

ddb935afe912c4b2e5108aae19da08e07b2928da42f45ad1d9e2ee36c2456042e6dfb4c5b97d82586bc04c1a806592e4ea11d2408d9b5b43d5846abab17ffd75
SSDEEP

12288:P6Wq4aaE6KwyF5L0Y2D1PqL9U/I8AeKmJJxexXeG+tKNnSF50z:NthEVaPqL9Uw83bjAxXjsF5C

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/788-55-0x0000000000400000-0x00000000004C0000-memory.dmp	upx
behavioral1/memory/788-58-0x0000000000400000-0x00000000004C0000-memory.dmp	upx
behavioral1/memory/908-72-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/908-76-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/908-84-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/files/0x0009000000012304-87.dat	upx
behavioral1/files/0x0009000000012304-92.dat	upx
behavioral1/files/0x0009000000012304-89.dat	upx
behavioral1/files/0x0009000000012304-93.dat	upx
behavioral1/files/0x0009000000012304-112.dat	upx
behavioral1/files/0x0009000000012304-122.dat	upx
behavioral1/memory/1548-126-0x0000000000400000-0x00000000004C0000-memory.dmp	upx
behavioral1/memory/1848-134-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/908-139-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/1684-97-0x0000000000400000-0x00000000004C0000-memory.dmp	upx
behavioral1/files/0x0009000000012304-95.dat	upx
behavioral1/memory/1716-83-0x0000000000400000-0x00000000004C0000-memory.dmp	upx
behavioral1/memory/908-82-0x0000000000400000-0x0000000000425000-memory.dmp	upx
behavioral1/memory/908-75-0x0000000000400000-0x0000000000425000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe
"C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe"
1⤵
PID:788
- C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe
  "C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe" /AutoIt3ExecuteScript C:\Users\Admin\AppData\Local\Temp\tSVopKVRU
  2⤵
  PID:1716
- - C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe
    "C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe"
    3⤵
    PID:908
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c del /q /f %temp%\*.lnk
      4⤵
      PID:932
- - C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe
    "C:\Users\Admin\AppData\Local\Temp\9306fd2d5d15d938fee55a5ec583e6eae439676d79f6a21b82b8fc22d3793124.exe"
    3⤵
    PID:1584

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp846cfcb9.bat"
1⤵
PID:836

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\SysWOW64\explorer.exe"
1⤵
PID:1316

C:\Users\Admin\AppData\Roaming\Puupb\saah.exe
"C:\Users\Admin\AppData\Roaming\Puupb\saah.exe"
1⤵
PID:1848

C:\Users\Admin\AppData\Roaming\Puupb\saah.exe
"C:\Users\Admin\AppData\Roaming\Puupb\saah.exe"
1⤵
PID:1928

C:\Users\Admin\AppData\Roaming\Puupb\saah.exe
"C:\Users\Admin\AppData\Roaming\Puupb\saah.exe" /AutoIt3ExecuteScript C:\Users\Admin\AppData\Local\Temp\tSVopKVRU
1⤵
PID:1548

C:\Users\Admin\AppData\Roaming\Puupb\saah.exe
"C:\Users\Admin\AppData\Roaming\Puupb\saah.exe"
1⤵
PID:1684

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
PID:840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tSVopKVRU

Filesize
5KB

MD5
0fa3a3837878f6635aa5a6b2e19cf9b5

SHA1
2e74e0320f43274d46c90b9c5e84423060086b94

SHA256
895f3be6e0edc5e3f4865ef93720fe5f1d07d54df04ed0fe01102012ccd71ae8

SHA512
c1361fab14378c235cc7018b41f2414b7f7bf540ab14700eefcf3b418b22258f01c83ac261322aff8fc6c25abff8489c8ca7eca1562b8ee24c9af7121643c818

Download Submit
C:\Users\Admin\AppData\Local\Temp\tSVopKVRU

Filesize
14KB

MD5
76d031b7ae6dcac2217752deda9b54eb

SHA1
fdf618ac61d2598e36d78f5c538041a148f85fe1

SHA256
effc0fb87d6ceb24ac1cac16fe47604c6dbbcb0d875cf47d131eb5e1e38c654d

SHA512
ad91bc53ff50d0ff188a521fbe206d7986a506001f64d4d8c22fa0fc986c83cf144101cf97a141900315d6c0bd3d156510c66eca38a2b8ec10e5e462c6f07a9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp846cfcb9.bat

Filesize
307B

MD5
3715264ccefa818d185b2b09ca29f1b8

SHA1
d8f747f53d09327c9e26ea388ab692ccf2315131

SHA256
29b4e336a19f586a6c5f47620e5125e72ac581fd8548b32ced237d777f0a1ebc

SHA512
ac47e2605251f8d7507f4a334875c52fe20f19ff51d32554c07062634c600177fb4d5aa56451c61d7a996a2f63f82b788e2fe64d1cdfc72f553184dc02e98ae3

Download Submit
C:\Users\Admin\AppData\Roaming\Puupb\saah.exe

Filesize
39KB

MD5
8c720fb9c45e15782426cc48b0b67342

SHA1
9877c8f70a44dfb8de1bb08134e020beb03dbfc7

SHA256
eed19f8661c7d0add740b0eaa78229095e87cf8e0696d03a1b2e52ce5ae2fab0

SHA512
cd5f0ece105791fb9d19feafef2291226a624b8652fb71208299129e28e96db6c4a7ff10cce6ebb32bcef1432878f8b23584ff6ff16341bd693aa1210fdb7ebf

Download Submit
C:\Users\Admin\AppData\Roaming\Puupb\saah.exe

Filesize
9KB

MD5
a747385ce220fadfc6c2409873529a5f

SHA1
18c8afe4cb4eb7724843dc3a1eb9475be79da0a4

SHA256
2baf49d1b01bb95394e4cc19f00954015c3c8145b79c64887ce31cdbc143a6a4

SHA512
dc2ca97cd0bc7698ce50de62fa31b004f646857dee78b0bfc80dcd9cf35361bf15566ba9fb39ec716cc6984036d68ac163a0aadb4d36f0c8d57561de62615bfa

Download Submit
C:\Users\Admin\AppData\Roaming\Puupb\saah.exe

Filesize
24KB

MD5
b96787e09ae7f0b11f140ea8641632a0

SHA1
3ef31a017297ae90e5decaf3cf5f003a97a4fd95

SHA256
d6c6eb7c9ccaae9527295d4ae0f7b3c521660651a2f34b54b6fbbe630b038a86

SHA512
c54a32170bf24ef27590cb5dc594da835e194237da08d70c390454560265b32b6fecc5e7cddedb718963e23e4b791c3ce9d9c0cd15c2714f04de923be31c40c7

Download Submit
C:\Users\Admin\AppData\Roaming\Puupb\saah.exe

Filesize
12KB

MD5
6c15b66d9507c1d3c27fd6cd2c655822

SHA1
46fccd8dd71e78b41ece3763ddd89bf828fcf9c8

SHA256
3404e21952594ebe23d90ecccd6243ec5545838369d30adcddd0217667b4a98c

SHA512
2016db6509c4e3b7fe002761ceb30c52a4d5e73c94d8fa7c5899f02a25bfaaed11b75bb249a234540d98ad067ae8e6fa26f124d0c8953185fcd7fe45ab5e3ecc

Download Submit
C:\Users\Admin\AppData\Roaming\Puupb\saah.exe

Filesize
12KB

MD5
b6b29b1493301ca67ac371eb97f9fc62

SHA1
97dd8ae6c6185c0aa44ccd20b72944cc851814a9

SHA256
864e75cae1b4a88bdf754e37e51e9ec6d4e67997553ad92f528ee416f180ac89

SHA512
dfbace267eb09bf5462f02a5248fd9af05a9f929ee8d1c04e37f4af14cc6378e6f13a4f906ac57efd5d62827f65fe2a687ec51f966a29856a2dd731de453e7dd

Download Submit
\Users\Admin\AppData\Roaming\Puupb\saah.exe

Filesize
7KB

MD5
bc18dc69c3c1e40966da5282a3cdd37c

SHA1
593160628aa7a7a648b56167efeb1190fcc9dfbb

SHA256
5186b3f7e5da0aa3e0872a37081fd5585d90c3264a33c8ff1b807dff8760bc8b

SHA512
d1215b8a92ebc7ae9706284d49da023b1b376be7d7af11b6fb9d985dc5c9877a681c51ea25291faad8d311b5708f7d14a254f83424d0fe092c8c8a19e0be0eb9

Download Submit
\Users\Admin\AppData\Roaming\Puupb\saah.exe

Filesize
13KB

MD5
01219fcf97fb5232a64469536a198943

SHA1
16d0fc62c21d8b482443999e94b71907071d65b4

SHA256
592002f29dc02362e2560e68020593a0e07668723c9b7ba35ae97071bae9e76c

SHA512
c996c76fa5c402c7029d8278f96e7af3b81758683141431129a7f8a3049ae073c99a9d7d317ce145454efa377aed6b07bc70d254ac4be5354d182292efd8cfd3

Download Submit
memory/788-58-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/788-54-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download
memory/788-55-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/908-76-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/908-71-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/908-72-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/908-82-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/908-75-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/908-139-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/908-84-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1316-133-0x0000000000080000-0x00000000000AE000-memory.dmp

Filesize
184KB

Download
memory/1316-143-0x0000000000080000-0x00000000000AE000-memory.dmp

Filesize
184KB

Download
memory/1316-141-0x0000000074751000-0x0000000074753000-memory.dmp

Filesize
8KB

Download
memory/1316-131-0x0000000000080000-0x00000000000AE000-memory.dmp

Filesize
184KB

Download
memory/1316-135-0x0000000000080000-0x00000000000AE000-memory.dmp

Filesize
184KB

Download
memory/1316-132-0x0000000000080000-0x00000000000AE000-memory.dmp

Filesize
184KB

Download
memory/1316-136-0x0000000000080000-0x00000000000AE000-memory.dmp

Filesize
184KB

Download
memory/1548-126-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/1584-74-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1584-60-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1584-100-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1584-61-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1584-66-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1584-68-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1584-81-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1584-80-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1584-63-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1584-65-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1684-97-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/1716-83-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/1848-134-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1928-140-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads