cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
09/10/2023, 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe
Size

2.8MB
MD5

ccc5598b80e21719d89a8cbd30929bf6
SHA1

3e4a250e8850d8ffd7a746e3498e1397c1469c12
SHA256

cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99
SHA512

64d7926959b91db1de115b0682137b10a87b877c2e8cb3952d27685621422f99d48d8d8e40a6243a924004f751634244fcb03ed37502bc308fb45bb7765b5715
SSDEEP

49152:HhU9s8TcwA64GEDBrlbHNHzHnfAe3h8ZaOlgBST1Wb:H6FE1rlrNHztOWb

Score

8^/10

upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2480	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe

Loads dropped DLL 1 IoCs

pid	Process
2356	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe

UPX packed file 49 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2356-1-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-3-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-5-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-9-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-11-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-14-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-19-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-21-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-23-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-28-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-32-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-36-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-38-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-42-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-46-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-44-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-40-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-34-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-30-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-26-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-17-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-7-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-2-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-0-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2356-47-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-51-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-53-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-54-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-58-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-60-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-62-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-64-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-66-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-68-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-70-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-74-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-77-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-80-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-83-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-86-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-89-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-92-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-95-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-98-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-101-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-104-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-106-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2480-107-0x0000000010000000-0x000000001003E000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2356	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2356	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe
2356	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe
2356	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe
2356	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe
2480	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe
2480	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe
2480	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe
2480	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2480	2356	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe	30
PID 2356 wrote to memory of 2480	2356	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe	30
PID 2356 wrote to memory of 2480	2356	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe	30
PID 2356 wrote to memory of 2480	2356	cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe	30

C:\Users\Admin\AppData\Local\Temp\cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe
"C:\Users\Admin\AppData\Local\Temp\cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Users\Admin\AppData\Local\Temp\cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe
  C:\Users\Admin\AppData\Local\Temp/\cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe

Filesize
2.8MB

MD5
59b09ac6814ec6bd7635d770721c41fa

SHA1
70599116005498db639d0411ed18008066655f0b

SHA256
d369ab548667550652a072a3708022b6befa4f17a8edfe3280d324f0fd7976fd

SHA512
6f8891a10f7ad2daca544e2d74cf7fc7fc20d70e739dea891d996c72e90868dd9b7a5e3c2a2437e24178234ca4f1ee836ac1ecd724be54526e3699e64c713cf3

Download Submit
\Users\Admin\AppData\Local\Temp\cb97900d58f8d7c60f357437a97ce30742ec408cba7fcf8543ba2c7c0b7a7f99.exe

Filesize
2.8MB

MD5
59b09ac6814ec6bd7635d770721c41fa

SHA1
70599116005498db639d0411ed18008066655f0b

SHA256
d369ab548667550652a072a3708022b6befa4f17a8edfe3280d324f0fd7976fd

SHA512
6f8891a10f7ad2daca544e2d74cf7fc7fc20d70e739dea891d996c72e90868dd9b7a5e3c2a2437e24178234ca4f1ee836ac1ecd724be54526e3699e64c713cf3

Download Submit
memory/2356-42-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-44-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-11-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-14-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-19-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-21-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-23-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-28-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-32-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-36-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-38-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-1-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-46-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-50-0x0000000000400000-0x000000000072C000-memory.dmp

Filesize
3.2MB

Download
memory/2356-40-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-34-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-30-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-26-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-17-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-7-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-2-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-0-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-47-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-5-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-9-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2356-3-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-89-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-53-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-54-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-58-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-60-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-62-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-64-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-66-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-68-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-70-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-74-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-77-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-80-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-83-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-86-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-51-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-92-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-95-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-98-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-101-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-104-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-106-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2480-107-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download