b46f6b128ab0c6480637f4f347e81f062913b2c5d85394015d3e87dbce85e7ee

Analysis

max time kernel
119s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05700e3d854855fe29f9e2088e51435c.exe
Size

2.9MB
MD5

05700e3d854855fe29f9e2088e51435c
SHA1

ea0bc3086850f48a1640b322d8b358c66b78c193
SHA256

b46f6b128ab0c6480637f4f347e81f062913b2c5d85394015d3e87dbce85e7ee
SHA512

a39f006bca541fb2a402f9f47d08f99e3478a92f3e55329abad8159d6137444d64f141e0bad36c46031b0270037f1dffe343fe8d24092c7a49dbd9850a94b7cb
SSDEEP

49152:AL3mi+zt1IqCXH5lDCAwcVgNlYvjA7FFH7X7ERnaaRzrha85apMCrRZtLK6ao9GZ:AL3wztbCXHXDJGokFHb7ERt5aMKFVZ54

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3048	05700e3d854855fe29f9e2088e51435c.exe

Executes dropped EXE 1 IoCs

pid	Process
3048	05700e3d854855fe29f9e2088e51435c.exe

Loads dropped DLL 1 IoCs

pid	Process
848	05700e3d854855fe29f9e2088e51435c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/848-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001225c-10.dat	upx
behavioral1/files/0x000a00000001225c-13.dat	upx
behavioral1/memory/3048-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
848	05700e3d854855fe29f9e2088e51435c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
848	05700e3d854855fe29f9e2088e51435c.exe
3048	05700e3d854855fe29f9e2088e51435c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 3048	848	05700e3d854855fe29f9e2088e51435c.exe	28
PID 848 wrote to memory of 3048	848	05700e3d854855fe29f9e2088e51435c.exe	28
PID 848 wrote to memory of 3048	848	05700e3d854855fe29f9e2088e51435c.exe	28
PID 848 wrote to memory of 3048	848	05700e3d854855fe29f9e2088e51435c.exe	28

C:\Users\Admin\AppData\Local\Temp\05700e3d854855fe29f9e2088e51435c.exe
"C:\Users\Admin\AppData\Local\Temp\05700e3d854855fe29f9e2088e51435c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:848
- C:\Users\Admin\AppData\Local\Temp\05700e3d854855fe29f9e2088e51435c.exe
  C:\Users\Admin\AppData\Local\Temp\05700e3d854855fe29f9e2088e51435c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\05700e3d854855fe29f9e2088e51435c.exe

Filesize
404KB

MD5
d786b766c3fff4e7cdcb0251d4dfd511

SHA1
e4584f7491fb4a3daf7319b39336d68f3ec70d39

SHA256
25018344333a0bd517ae7a8453b1c83cb988603be2968b4f927d9eddf642753d

SHA512
50f140ee8511a153224b2f2565896931d4a04cad9bb27d9a03540aeb2b871060a2dc246ca9a06d8d622ea3c68000907853ee395bd652d5838d1792ba1a95dbeb

Download Submit
\Users\Admin\AppData\Local\Temp\05700e3d854855fe29f9e2088e51435c.exe

Filesize
482KB

MD5
5f0359b90ac58f77f5d3438dcf48525b

SHA1
ba58f52699e09073f99b5496da46a8d056917421

SHA256
9a184ddab564ed7a9a24773c0d24d97e8d968f5065949c08c0ce821a2c873ada

SHA512
7b11e94d2762f9fed66d3b7ea14aa8f1b25e390189b0eba618e84030b13777e9bd548e7ab21ead65c82e94f140bc645e60d59105886ecde52490775b3ad8cf58

Download Submit
memory/848-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/848-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/848-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/848-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/848-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/848-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/3048-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3048-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3048-20-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/3048-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/3048-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3048-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download