1720854197309fae87bd5907f8841e7f1245d92b52ab06204e5392a857614e11

Analysis

max time kernel
119s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5d8fa0ab7462cdf45082b506b5886fc.exe
Size

1.8MB
MD5

b5d8fa0ab7462cdf45082b506b5886fc
SHA1

e2c4d954feafbf06f05399c730ae46887f3fd290
SHA256

1720854197309fae87bd5907f8841e7f1245d92b52ab06204e5392a857614e11
SHA512

713aa88530143a5140c2c6583285845348837e91538ab86f98b7ad071db7397e550b63e5ad1031112c84b67a02c2df5eb6e70b2cb952b5ae94daa5c82a32d805
SSDEEP

49152:NWfrI7PYw4ToEuMnXDXTgqOMnss2BJVbhOwP:srIrYw4UcXDXC3BJthOm

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2764	b5d8fa0ab7462cdf45082b506b5886fc.exe

Executes dropped EXE 1 IoCs

pid	Process
2764	b5d8fa0ab7462cdf45082b506b5886fc.exe

Loads dropped DLL 1 IoCs

pid	Process
1444	b5d8fa0ab7462cdf45082b506b5886fc.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1444-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012238-10.dat	upx
behavioral1/memory/2764-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1444	b5d8fa0ab7462cdf45082b506b5886fc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1444	b5d8fa0ab7462cdf45082b506b5886fc.exe
2764	b5d8fa0ab7462cdf45082b506b5886fc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 2764	1444	b5d8fa0ab7462cdf45082b506b5886fc.exe	28
PID 1444 wrote to memory of 2764	1444	b5d8fa0ab7462cdf45082b506b5886fc.exe	28
PID 1444 wrote to memory of 2764	1444	b5d8fa0ab7462cdf45082b506b5886fc.exe	28
PID 1444 wrote to memory of 2764	1444	b5d8fa0ab7462cdf45082b506b5886fc.exe	28

C:\Users\Admin\AppData\Local\Temp\b5d8fa0ab7462cdf45082b506b5886fc.exe
"C:\Users\Admin\AppData\Local\Temp\b5d8fa0ab7462cdf45082b506b5886fc.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Users\Admin\AppData\Local\Temp\b5d8fa0ab7462cdf45082b506b5886fc.exe
  C:\Users\Admin\AppData\Local\Temp\b5d8fa0ab7462cdf45082b506b5886fc.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\b5d8fa0ab7462cdf45082b506b5886fc.exe

Filesize
1.8MB

MD5
1bb93c2693443484dda4c7338048b30c

SHA1
4cc0620083e14e4735f098cc59a169f696289ab9

SHA256
8a479263605c9a0e25eee775a94817f60b698cdf0fdba0f3fb514aa7f2464ea1

SHA512
0fd7c10fad3fb162b18dd4031e7ce806c5db03b44ed6bf29cea257f70706c244268f62d897362a30b968540f8bbea31c2caa587e4001068018bf2b080e7e7083

Download Submit
memory/1444-31-0x0000000003470000-0x000000000395F000-memory.dmp

Filesize
4.9MB

Download
memory/1444-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1444-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/1444-15-0x0000000003470000-0x000000000395F000-memory.dmp

Filesize
4.9MB

Download
memory/1444-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1444-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2764-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2764-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2764-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2764-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2764-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2764-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download