0ac33151d329fde8346fe102da9ad43efc3229befd84a3d30a2c9925b1f8eccb

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 17:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fbe8e108225cac785b0685200a6e98a8.exe
Size

2.7MB
MD5

fbe8e108225cac785b0685200a6e98a8
SHA1

689872edeb84504aadf558aa9b121765f827c1ab
SHA256

0ac33151d329fde8346fe102da9ad43efc3229befd84a3d30a2c9925b1f8eccb
SHA512

4f558fd35a77d1b98846f62c3e2a74ab75739429654eee0a347db13e1ba76d65fefdeb203f252a37fd6e1a248dd859b24b6c5109f0b7cf719a150a2e76ad3647
SSDEEP

49152:B74+ptLXS3nJfqRCzsjbvdR9S/+CJRCpE1EkKlLEK3zeEo2s+uFCR9j:B7zLXenNqAEbvdHS/7EEmpfjRRbuAHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1780	fbe8e108225cac785b0685200a6e98a8.exe

Executes dropped EXE 1 IoCs

pid	Process
1780	fbe8e108225cac785b0685200a6e98a8.exe

Loads dropped DLL 1 IoCs

pid	Process
3044	fbe8e108225cac785b0685200a6e98a8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3044-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c000000013138-10.dat	upx
behavioral1/files/0x000c000000013138-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3044	fbe8e108225cac785b0685200a6e98a8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3044	fbe8e108225cac785b0685200a6e98a8.exe
1780	fbe8e108225cac785b0685200a6e98a8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 1780	3044	fbe8e108225cac785b0685200a6e98a8.exe	28
PID 3044 wrote to memory of 1780	3044	fbe8e108225cac785b0685200a6e98a8.exe	28
PID 3044 wrote to memory of 1780	3044	fbe8e108225cac785b0685200a6e98a8.exe	28
PID 3044 wrote to memory of 1780	3044	fbe8e108225cac785b0685200a6e98a8.exe	28

C:\Users\Admin\AppData\Local\Temp\fbe8e108225cac785b0685200a6e98a8.exe
"C:\Users\Admin\AppData\Local\Temp\fbe8e108225cac785b0685200a6e98a8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Users\Admin\AppData\Local\Temp\fbe8e108225cac785b0685200a6e98a8.exe
  C:\Users\Admin\AppData\Local\Temp\fbe8e108225cac785b0685200a6e98a8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\fbe8e108225cac785b0685200a6e98a8.exe

Filesize
816KB

MD5
d5f452d9fb2ec735175a884d65932b8c

SHA1
efc612b2f3381bff83d48d43a2df8605d07d7575

SHA256
e1ee460b7b596e2b8824bc9952c4f176ad9c3c630778a9a6de23b7d47154d798

SHA512
941bbf2e17a5b2df4953fe15f42eac3973b491dce57f6c8bb11b9a196ef93079d74dd848add34dc7b54c9bf3690c385d9735d61282b0394bcecfb658ce5fec31

Download Submit
\Users\Admin\AppData\Local\Temp\fbe8e108225cac785b0685200a6e98a8.exe

Filesize
832KB

MD5
ebe06ac7f47af648bfe23dcdf0389f4c

SHA1
5826a278fc3c27fde23f8e27766be844b8b242f7

SHA256
bfbe2238cad4d18eb901942fc88bec05ecc4dee6a829b9039fdf38efab5d8f24

SHA512
bf3f3fda0cf6c79e3e6068456d480a0690e333a8673154546b02e953d3f55b0147a82d2ee9e675fd1c52c87e5850c7a75b6299db69694c91d5f43a75733d8fe6

Download Submit
memory/1780-20-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1780-18-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1780-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1780-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1780-23-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/1780-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3044-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3044-2-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/3044-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3044-16-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/3044-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download