28ad0323bd7a692b01bbf441a58d0062cbe90aa8de651a7b06883f86dee85d58

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2a8d3fd34544949740db41ac7e94fe4.exe
Size

5.3MB
MD5

b2a8d3fd34544949740db41ac7e94fe4
SHA1

79365ab5f29defac636b08114e875576b4530532
SHA256

28ad0323bd7a692b01bbf441a58d0062cbe90aa8de651a7b06883f86dee85d58
SHA512

25f88e76d364fc2fcdb4186373bfb511a47e99aa46545acdd944ba29b0775a79207f39045671f7b9ecba3985f63793b21a51ef36e888207f999e702a7d0957ec
SSDEEP

98304:SgrEgCA+59SPv64i956mSLMW7QRYZwuSPv64i956mSLMW:xrR/Q9SPv64i95HAMQQRYXSPv64i95Hr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2440	b2a8d3fd34544949740db41ac7e94fe4.exe

Executes dropped EXE 1 IoCs

pid	Process
2440	b2a8d3fd34544949740db41ac7e94fe4.exe

Loads dropped DLL 1 IoCs

pid	Process
2100	b2a8d3fd34544949740db41ac7e94fe4.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2100-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012022-11.dat	upx
behavioral1/files/0x000a000000012022-13.dat	upx
behavioral1/memory/2440-19-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012022-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2100	b2a8d3fd34544949740db41ac7e94fe4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2100	b2a8d3fd34544949740db41ac7e94fe4.exe
2440	b2a8d3fd34544949740db41ac7e94fe4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2440	2100	b2a8d3fd34544949740db41ac7e94fe4.exe	28
PID 2100 wrote to memory of 2440	2100	b2a8d3fd34544949740db41ac7e94fe4.exe	28
PID 2100 wrote to memory of 2440	2100	b2a8d3fd34544949740db41ac7e94fe4.exe	28
PID 2100 wrote to memory of 2440	2100	b2a8d3fd34544949740db41ac7e94fe4.exe	28

C:\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe
"C:\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe
  C:\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe

Filesize
1.1MB

MD5
62520ca5ff5bade677d056353ebe6b81

SHA1
c51759bb399dc876c928746c95bb8fe527b7cedb

SHA256
ba61deb06a2e75b911a68381fa3ff0c3bd2069f5c7f8a183c9830c09ad5814f6

SHA512
6c9990d9a63c759ce6d52d3b64162c39d5cd7c3a523b929096edf2eebb90cd567c574bf2737524bc308d19b67f67b7ad2686c93e7ce81008494fd36bb070c0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe

Filesize
1.8MB

MD5
1920f918c758d0faeda5d4a70803b95b

SHA1
8098e6e4d969a026095993271fbef4fb0c5fbd69

SHA256
c9bb0841cb3b7a1977de0747ea7b95b2207a585e0c3222d1e834b7bba700f1cc

SHA512
f3738fce782b99cd3e0bb48c7eb028289b7a064b67f33864f0edba08af36e0eeaa63f12c7a7a2df43ac398a042c2690b052053c263cb501080a962db31bb9704

Download Submit
\Users\Admin\AppData\Local\Temp\b2a8d3fd34544949740db41ac7e94fe4.exe

Filesize
2.0MB

MD5
2cf74150ec39f0da22ccf49c24244d88

SHA1
1edd3477ac75c3937320c7c88532431efb8d2c91

SHA256
0c8340db1252e17d25960f2ca27a0af4451983afd8325d9cef76bdb8afe5bef0

SHA512
409c81ca278871e059fb054a73141f281bc451b4058a02f34a6c10e025259b255ef822420ed739ecc2d409c17c4ef17ae2b36efd43aeb616629cf698c3d11b9f

Download Submit
memory/2100-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2100-1-0x00000000002B0000-0x00000000003C2000-memory.dmp

Filesize
1.1MB

Download
memory/2100-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2100-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2100-16-0x0000000003AD0000-0x0000000003F3A000-memory.dmp

Filesize
4.4MB

Download
memory/2440-19-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2440-21-0x00000000002B0000-0x00000000003C2000-memory.dmp

Filesize
1.1MB

Download
memory/2440-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2440-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download