d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32.exe
Size

23KB
MD5

66b56bd28db7359155b4e78e2c939ea1
SHA1

bbda194d0da5908dc0edd6630f04c94692fbd054
SHA256

d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32
SHA512

f317bbc143fdfb3dcf5f994a12ef8fe65e647b6ee452d4012f6df3dbf8ca12edf56e4713be0940a5660045a3b77ee2440d425a94790c4f59c7e6c7b9897bb9a1
SSDEEP

192:cQnYdxLTDO+Bj4h42p5GvZ3VsTbuKf/9DF4C38CfNqtlwPJfcf3VIQgggggggggg:cue1Ta+Bjq4m5GvZ0/9DFX38tl7fGJ6

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

upkav.exe

pid process

1460 upkav.exe
Deletes itself 1 IoCs

Processes:

upkav.exe

pid process

1460 upkav.exe

pid	process
1460	upkav.exe

pid	process
1460	upkav.exe

Loads dropped DLL 2 IoCs

Processes:

d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32.exe

pid	process
1932	d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32.exe
1932	d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32.exe

description	pid	process	target process
PID 1932 wrote to memory of 1460	1932	d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32.exe	upkav.exe
PID 1932 wrote to memory of 1460	1932	d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32.exe	upkav.exe
PID 1932 wrote to memory of 1460	1932	d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32.exe	upkav.exe
PID 1932 wrote to memory of 1460	1932	d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32.exe	upkav.exe

C:\Users\Admin\AppData\Local\Temp\d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32.exe
"C:\Users\Admin\AppData\Local\Temp\d5652714fea2de49981ac94b4ca021dacb4e297bcabb74806429bd6154bbcf32.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1932

C:\Users\Admin\AppData\Local\Temp\upkav.exe
C:\Users\Admin\AppData\Local\Temp\upkav.exe
2⤵
- Executes dropped EXE
- Deletes itself
PID:1460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\upkav.exe
Filesize
23KB

MD5
fbb95d749319b32a65ad912703fbd83f

SHA1
1e472f8b057248e07d95d11b588f207bfc0d0673

SHA256
619ad28f7a92377ba2371f0badaed1a20370bd746cdc596443e2332521fc76b7

SHA512
4f63616df88ce217fae0722c2256621d3ce3b5c6a8020aa22e55236ca2aa2b15f8aa44ed5369e73f0ba92014287eca28ac5fae19cb15320d15375a1483ed476d

Download Submit
C:\Users\Admin\AppData\Local\Temp\upkav.exe
Filesize
23KB

MD5
fbb95d749319b32a65ad912703fbd83f

SHA1
1e472f8b057248e07d95d11b588f207bfc0d0673

SHA256
619ad28f7a92377ba2371f0badaed1a20370bd746cdc596443e2332521fc76b7

SHA512
4f63616df88ce217fae0722c2256621d3ce3b5c6a8020aa22e55236ca2aa2b15f8aa44ed5369e73f0ba92014287eca28ac5fae19cb15320d15375a1483ed476d

Download Submit
\Users\Admin\AppData\Local\Temp\upkav.exe
Filesize
23KB

MD5
fbb95d749319b32a65ad912703fbd83f

SHA1
1e472f8b057248e07d95d11b588f207bfc0d0673

SHA256
619ad28f7a92377ba2371f0badaed1a20370bd746cdc596443e2332521fc76b7

SHA512
4f63616df88ce217fae0722c2256621d3ce3b5c6a8020aa22e55236ca2aa2b15f8aa44ed5369e73f0ba92014287eca28ac5fae19cb15320d15375a1483ed476d

Download Submit
\Users\Admin\AppData\Local\Temp\upkav.exe
Filesize
23KB

MD5
fbb95d749319b32a65ad912703fbd83f

SHA1
1e472f8b057248e07d95d11b588f207bfc0d0673

SHA256
619ad28f7a92377ba2371f0badaed1a20370bd746cdc596443e2332521fc76b7

SHA512
4f63616df88ce217fae0722c2256621d3ce3b5c6a8020aa22e55236ca2aa2b15f8aa44ed5369e73f0ba92014287eca28ac5fae19cb15320d15375a1483ed476d

Download Submit
memory/1460-56-0x0000000000000000-mapping.dmp

Download
memory/1460-60-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download
memory/1460-61-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1932-58-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download