134f47830dbbdb1604e1f692b44ef43face3503b659657d4799189bef2d54203

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf7baa275f19af16b980cac936c53bcf.exe
Size

5.8MB
MD5

bf7baa275f19af16b980cac936c53bcf
SHA1

4a9a66aa54950e83df8fb91812f59eb4d6f9fc52
SHA256

134f47830dbbdb1604e1f692b44ef43face3503b659657d4799189bef2d54203
SHA512

faf7218f99c09cd477196c654e6194735f64a26cc798878288b060dd2f1b9269769479c6b4568d64ba2d8e027ca2d68397855e18a832e65423776e02020d71ca
SSDEEP

98304:VGmhoYGI1Kacgg3gnl/IVUs1jePsU6QYyieo2tEFgg3gnl/IVUs1jePs:VRnYgl/iBiPpjYyieP2gl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2104	bf7baa275f19af16b980cac936c53bcf.exe

Executes dropped EXE 1 IoCs

pid	Process
2104	bf7baa275f19af16b980cac936c53bcf.exe

Loads dropped DLL 1 IoCs

pid	Process
292	bf7baa275f19af16b980cac936c53bcf.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/292-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00090000000122c9-13.dat	upx
behavioral1/memory/2104-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00090000000122c9-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
292	bf7baa275f19af16b980cac936c53bcf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
292	bf7baa275f19af16b980cac936c53bcf.exe
2104	bf7baa275f19af16b980cac936c53bcf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 292 wrote to memory of 2104	292	bf7baa275f19af16b980cac936c53bcf.exe	21
PID 292 wrote to memory of 2104	292	bf7baa275f19af16b980cac936c53bcf.exe	21
PID 292 wrote to memory of 2104	292	bf7baa275f19af16b980cac936c53bcf.exe	21
PID 292 wrote to memory of 2104	292	bf7baa275f19af16b980cac936c53bcf.exe	21

C:\Users\Admin\AppData\Local\Temp\bf7baa275f19af16b980cac936c53bcf.exe
"C:\Users\Admin\AppData\Local\Temp\bf7baa275f19af16b980cac936c53bcf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:292
- C:\Users\Admin\AppData\Local\Temp\bf7baa275f19af16b980cac936c53bcf.exe
  C:\Users\Admin\AppData\Local\Temp\bf7baa275f19af16b980cac936c53bcf.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bf7baa275f19af16b980cac936c53bcf.exe

Filesize
188KB

MD5
ffa299217e54a2cede4fb43f0a7e5ccb

SHA1
8699d4c4d48514e3da288734aa032c379130468f

SHA256
1f3d56dc678f6c9c816dcd01306ce2aaabe74f71d492a146089b3b43f2b0d284

SHA512
a1b1aa643215e851011580b3e9c127015463e7827559fe7676d0fb5a2f64d11425b4f4db36abd6fe1bcc0a5f01afb420be5cc861813441e4480e90058dbea0f5

Download Submit
\Users\Admin\AppData\Local\Temp\bf7baa275f19af16b980cac936c53bcf.exe

Filesize
72KB

MD5
74b02db184df68d6d86562fe53b360a4

SHA1
6f11cc075c30295f8832d42df9f069bebdeba5ad

SHA256
66f7cef09a94f30661bbbdd33d23e30d8da1a5a44d2ed3b0a6b327766e375e64

SHA512
42669d831014289332646c6f0aa1123e43ed29523c59291c4608f2290ca83ddb4f725bcacb4b4190d78362769659cebc5dd260a6280505c0853e4aa50b07c71d

Download Submit
memory/292-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/292-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/292-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/292-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/292-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/292-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2104-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2104-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2104-26-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2104-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2104-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2104-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download