248d1f2e4137c8397f44d7aeb3e46b194675304e421e12522c8c7afbba026935

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 17:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb74545217334bfa2f3cb43fc264e268.exe
Size

2.9MB
MD5

fb74545217334bfa2f3cb43fc264e268
SHA1

54ec90eeb75c7ea3f1650c07cc0a861526867476
SHA256

248d1f2e4137c8397f44d7aeb3e46b194675304e421e12522c8c7afbba026935
SHA512

4fd15017101eb7b22fba3486ca3e3cfe0295743ae9d009558f4ac6b769ef9aaf49b6cb04a5a4007e853a04afcd0c803f3c7b0bd828ce6a4d1a374299bfdcd83e
SSDEEP

49152:7wVHSYKHqDDM9H+BhbndPpDVj9rFh6a7m2Ya2xn+95xy+xrKrdHWqPLD3g:7ay5qU9yf/BFh6iRYzxn+cErKrd2+g

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2672	fb74545217334bfa2f3cb43fc264e268.exe

Executes dropped EXE 1 IoCs

pid	Process
2672	fb74545217334bfa2f3cb43fc264e268.exe

Loads dropped DLL 1 IoCs

pid	Process
1448	fb74545217334bfa2f3cb43fc264e268.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1448-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012329-13.dat	upx
behavioral1/files/0x000c000000012329-12.dat	upx
behavioral1/files/0x000c000000012329-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1448	fb74545217334bfa2f3cb43fc264e268.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1448	fb74545217334bfa2f3cb43fc264e268.exe
2672	fb74545217334bfa2f3cb43fc264e268.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 2672	1448	fb74545217334bfa2f3cb43fc264e268.exe	28
PID 1448 wrote to memory of 2672	1448	fb74545217334bfa2f3cb43fc264e268.exe	28
PID 1448 wrote to memory of 2672	1448	fb74545217334bfa2f3cb43fc264e268.exe	28
PID 1448 wrote to memory of 2672	1448	fb74545217334bfa2f3cb43fc264e268.exe	28

C:\Users\Admin\AppData\Local\Temp\fb74545217334bfa2f3cb43fc264e268.exe
"C:\Users\Admin\AppData\Local\Temp\fb74545217334bfa2f3cb43fc264e268.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Users\Admin\AppData\Local\Temp\fb74545217334bfa2f3cb43fc264e268.exe
  C:\Users\Admin\AppData\Local\Temp\fb74545217334bfa2f3cb43fc264e268.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fb74545217334bfa2f3cb43fc264e268.exe

Filesize
388KB

MD5
8a0564c85b189ee2ff54ab1d101c9e1d

SHA1
05849ac69c10244b6a7aaa4ab03850d33f6b6ad9

SHA256
9726153f29debd60534193ed6a7e051e0fb6445a7390b15d0ec2322714822ec9

SHA512
d5bf72cb814d9155a3ae41efa3f9d87529536ffb7576237f921823c9d30b87454b37618275177c75080b929e20340e78e843a0bb5e1d29d55c2fa6f017e073a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\fb74545217334bfa2f3cb43fc264e268.exe

Filesize
255KB

MD5
390c5aecdd0601b66565dbf8cff65462

SHA1
8be8ea464f33bac3741acd6f83671e3bdda228c8

SHA256
7151513ec987acdeb89fa95c1fa8b7916ac85721c03aca0d4b0bfbf32ff2e247

SHA512
dd474d0689043171d365943df4649847a615bc7f2e2b34afc7500f982f7099f6c41e81a19ee92c3b890797d0e302834cae896a19ed0c9b63d393934ec6f26d25

Download Submit
\Users\Admin\AppData\Local\Temp\fb74545217334bfa2f3cb43fc264e268.exe

Filesize
325KB

MD5
c74c15e41f81c1ee9e8642ad296ae969

SHA1
e86226ce97eee204f7729c25479d7c33fb850501

SHA256
27002fcb53c9aec26b9279c2a3f60b56c48af01a6858d916f3db7a34ca7542ba

SHA512
f15e43477eded4e3eb102166b1fdd01eac5f74e2598bb0da29e4a333440eed28048dc86eeec626cadc4c81f5f5cf74dd00aded38192b064063ec98bcd816cf29

Download Submit
memory/1448-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1448-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1448-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1448-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2672-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2672-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2672-23-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2672-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2672-16-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2672-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download