cdb91b824093483d5775281248660b19fa8cb9b7a4ba293321d5a199c6b975bb

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa31bf0900ade59a187edc03c6855d87.exe
Size

5.3MB
MD5

fa31bf0900ade59a187edc03c6855d87
SHA1

8c540a1d93e1f3abcf7fbddf7ab031c506b1bc92
SHA256

cdb91b824093483d5775281248660b19fa8cb9b7a4ba293321d5a199c6b975bb
SHA512

872a9e821dff1bf5a90c07e30fcae8f784f99da7eec08da030f6787285c71fb0552ced2c96c8b32ccee2086df8bcb1b0fa7244970fc175507dcb3f5ae9d5b9ef
SSDEEP

98304:p4vnhN+Tz+bchPSKwf1EdpS3W4eTz8caEto90yTXJf1EdpS3W4f:IghG1EnwWTTzlaEtoLTX91EnwW8

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2204	fa31bf0900ade59a187edc03c6855d87.exe

Executes dropped EXE 1 IoCs

pid	Process
2204	fa31bf0900ade59a187edc03c6855d87.exe

Loads dropped DLL 1 IoCs

pid	Process
2348	fa31bf0900ade59a187edc03c6855d87.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2348-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2204-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000015df1-13.dat	upx
behavioral1/files/0x0009000000015df1-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2348	fa31bf0900ade59a187edc03c6855d87.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2348	fa31bf0900ade59a187edc03c6855d87.exe
2204	fa31bf0900ade59a187edc03c6855d87.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2204	2348	fa31bf0900ade59a187edc03c6855d87.exe	19
PID 2348 wrote to memory of 2204	2348	fa31bf0900ade59a187edc03c6855d87.exe	19
PID 2348 wrote to memory of 2204	2348	fa31bf0900ade59a187edc03c6855d87.exe	19
PID 2348 wrote to memory of 2204	2348	fa31bf0900ade59a187edc03c6855d87.exe	19

C:\Users\Admin\AppData\Local\Temp\fa31bf0900ade59a187edc03c6855d87.exe
"C:\Users\Admin\AppData\Local\Temp\fa31bf0900ade59a187edc03c6855d87.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Users\Admin\AppData\Local\Temp\fa31bf0900ade59a187edc03c6855d87.exe
  C:\Users\Admin\AppData\Local\Temp\fa31bf0900ade59a187edc03c6855d87.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fa31bf0900ade59a187edc03c6855d87.exe

Filesize
100KB

MD5
259371b5d73696ec736f7c1037daf5a2

SHA1
44712153f32575cc871958864fefe1b5f2426d99

SHA256
5312245a986b89c256675a26767ef34d8da2696c86d1d96fb420e57054814a98

SHA512
ffc307a57304d464c6be16712961c7d9507ce4f89c2760c59eccad2ffb2efcc3bc99224634f4f76f7e088a530336b0f52f4319c917ac8e6db03edd47c1452934

Download Submit
\Users\Admin\AppData\Local\Temp\fa31bf0900ade59a187edc03c6855d87.exe

Filesize
90KB

MD5
8d335c248b8500127593aa99cbc36250

SHA1
d260342a5de192468389553a60b660854f1d8787

SHA256
d3db3713546a09316dd6d91c01a6cc5a9178ab63fc8cdaf72b5ab41f63d717b0

SHA512
fd137c43d953026467c3b09f0c2ab6b2fb79da7c1c39adf90f5f91bc56598506b0f25cf5416498125d4e0e5d79054c9c76fda3dfb70f69e62f228c1b60aac212

Download Submit
memory/2204-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2204-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2204-26-0x0000000003400000-0x000000000362A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-19-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2204-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2348-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2348-15-0x0000000003E30000-0x000000000431F000-memory.dmp

Filesize
4.9MB

Download
memory/2348-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2348-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2348-31-0x0000000003E30000-0x000000000431F000-memory.dmp

Filesize
4.9MB

Download
memory/2348-2-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download