7933b3d63d62f9673398f67c3a1ff361cab3bdd084f6a56a08f28e113ca7983f

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 03:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ba4b40d0e2c9685f4427987afde7b20.exe
Size

5.3MB
MD5

5ba4b40d0e2c9685f4427987afde7b20
SHA1

32f1b0f291a836fa8424a18524c3db124551b7be
SHA256

7933b3d63d62f9673398f67c3a1ff361cab3bdd084f6a56a08f28e113ca7983f
SHA512

06e38b848d5c7943b13fca15d4da6be1d91a1c0ab9573f4e4da7ffb0191a72409c15b17aee243897564d3a408d5c86fdf5b05bfe818ab12df7ccf007133564c9
SSDEEP

98304:QydkLEGeiQP2B/CURrvmHY41Ar14MEK/CIuVla6BvHGFIz0kL6/je8lmHY41Ar1u:QakVS/im4iAJYLjNFmF+RLciim4iAJY/

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2660	5ba4b40d0e2c9685f4427987afde7b20.exe

Executes dropped EXE 1 IoCs

pid	Process
2660	5ba4b40d0e2c9685f4427987afde7b20.exe

Loads dropped DLL 1 IoCs

pid	Process
1432	5ba4b40d0e2c9685f4427987afde7b20.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1432-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a00000001225a-10.dat	upx
behavioral1/files/0x000a00000001225a-15.dat	upx
behavioral1/memory/2660-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1432	5ba4b40d0e2c9685f4427987afde7b20.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1432	5ba4b40d0e2c9685f4427987afde7b20.exe
2660	5ba4b40d0e2c9685f4427987afde7b20.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 2660	1432	5ba4b40d0e2c9685f4427987afde7b20.exe	28
PID 1432 wrote to memory of 2660	1432	5ba4b40d0e2c9685f4427987afde7b20.exe	28
PID 1432 wrote to memory of 2660	1432	5ba4b40d0e2c9685f4427987afde7b20.exe	28
PID 1432 wrote to memory of 2660	1432	5ba4b40d0e2c9685f4427987afde7b20.exe	28

C:\Users\Admin\AppData\Local\Temp\5ba4b40d0e2c9685f4427987afde7b20.exe
"C:\Users\Admin\AppData\Local\Temp\5ba4b40d0e2c9685f4427987afde7b20.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Users\Admin\AppData\Local\Temp\5ba4b40d0e2c9685f4427987afde7b20.exe
  C:\Users\Admin\AppData\Local\Temp\5ba4b40d0e2c9685f4427987afde7b20.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5ba4b40d0e2c9685f4427987afde7b20.exe

Filesize
286KB

MD5
f3ee07c2306f4eacd631e51d3ac2e3af

SHA1
66cd7026dcb3d9604d4cd8e5c1a9e747503fe4dc

SHA256
ffa61183255ae8b329e87e599228f8dd5cb79dad2732984abf282c8329b1b005

SHA512
803024c623723ed4fcb1a7edbf53db14ff67d6eb261b100592c553784aa61e3ac99d6891e49548dab0e364f82295ff37b98fbabd2298815451a612792ded9bf7

Download Submit
\Users\Admin\AppData\Local\Temp\5ba4b40d0e2c9685f4427987afde7b20.exe

Filesize
79KB

MD5
8a6d94eeb49aeb92d869860ac4ddf3a5

SHA1
0c246569013cbde3c240276643c8955e983c4199

SHA256
7817b0430c8b26a18365d32a140ea7480df64765a6af992f874d1836b3f224ec

SHA512
cdc137508f9a46a97d36846b755158abce97ec68ee50805ca0debc987aefdd89e8d76b0f77305a2b43dbed668c8d26cff60fa783927303b3d7dc4c54b2f30eea

Download Submit
memory/1432-14-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download
memory/1432-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1432-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1432-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1432-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2660-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2660-19-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2660-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2660-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2660-26-0x00000000036E0000-0x0000000003902000-memory.dmp

Filesize
2.1MB

Download
memory/2660-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download