506fdb6f347fd3b37b8cfbf715df9deef9f340f5a23e7896253cad2961268348

Analysis

max time kernel
3s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05956cbb7e95f4089d4565ba2250c82b.exe
Size

2.6MB
MD5

05956cbb7e95f4089d4565ba2250c82b
SHA1

3b9beceda066e7b26d605d9909750e7c76b40ba3
SHA256

506fdb6f347fd3b37b8cfbf715df9deef9f340f5a23e7896253cad2961268348
SHA512

ed65b352468fd1277ddd81d35fe17e69cdb8b6369d4e722419bd946c7029698557099d3b99d76b5a20052485fe366d13bb7ea6c7be097b2b0d2945dc5e67dc46
SSDEEP

49152:xi8tlfsiJCDNIUgWKFzzYxLXdE7vTGa8pc2Zpp5Hat8bKqkbqay3:rW61UgvIeqcYpp5UQKW3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2984	05956cbb7e95f4089d4565ba2250c82b.exe

Executes dropped EXE 1 IoCs

pid	Process
2984	05956cbb7e95f4089d4565ba2250c82b.exe

Loads dropped DLL 1 IoCs

pid	Process
2548	05956cbb7e95f4089d4565ba2250c82b.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2548-0-0x0000000000400000-0x0000000000D9E000-memory.dmp	upx
behavioral1/files/0x000b000000015df1-14.dat	upx
behavioral1/files/0x000b000000015df1-13.dat	upx
behavioral1/files/0x000b000000015df1-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2548	05956cbb7e95f4089d4565ba2250c82b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2548	05956cbb7e95f4089d4565ba2250c82b.exe
2984	05956cbb7e95f4089d4565ba2250c82b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2984	2548	05956cbb7e95f4089d4565ba2250c82b.exe	28
PID 2548 wrote to memory of 2984	2548	05956cbb7e95f4089d4565ba2250c82b.exe	28
PID 2548 wrote to memory of 2984	2548	05956cbb7e95f4089d4565ba2250c82b.exe	28
PID 2548 wrote to memory of 2984	2548	05956cbb7e95f4089d4565ba2250c82b.exe	28

C:\Users\Admin\AppData\Local\Temp\05956cbb7e95f4089d4565ba2250c82b.exe
"C:\Users\Admin\AppData\Local\Temp\05956cbb7e95f4089d4565ba2250c82b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\05956cbb7e95f4089d4565ba2250c82b.exe
  C:\Users\Admin\AppData\Local\Temp\05956cbb7e95f4089d4565ba2250c82b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\05956cbb7e95f4089d4565ba2250c82b.exe

Filesize
894KB

MD5
2d5ee1fc019e605c968d6cb60d42a908

SHA1
84545faddd7c69aa703802f8227ad0c7a1110e4d

SHA256
3c32db078dca251f365083ba54ced789d6f58623c808527e068ee7eb897c24d2

SHA512
949148283eeb07c204e10198fbe69e2c21702dbd67fb295e3d56a7e0fd6a100a7303bd694f367920fde9c73baa921bd8634f12bcb8348c4885f2f3e7cd85efb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\05956cbb7e95f4089d4565ba2250c82b.exe

Filesize
893KB

MD5
a337c25d24d500986b060c6fab2a18fa

SHA1
52f86b9c9c81bcac4b6c65b6aae052958ae6d923

SHA256
4cd09ad568f2bc1c38c030bc6a5c7f28bc431232c0ca7bb4ba35c54ec516acae

SHA512
06c909acfab97dafae811e6d104e8b14412681a7f2f4104cd879dc0a72f0bc49d6f1f915ff99b6ed1ae0ed5f5b5e0b251b2987d04bf677456a473bfa0405661d

Download Submit
\Users\Admin\AppData\Local\Temp\05956cbb7e95f4089d4565ba2250c82b.exe

Filesize
1.2MB

MD5
af3d6888be6b66e93e2656b1f15dd3da

SHA1
d4736ea957d94104ff92c5f3f46c9463f906801c

SHA256
558fba7d73c9e8da8d9491e29c0197fae1b46533e6e4214055dee1b0f5153a88

SHA512
fd107b33e21414124aa4ba546ff46fd572f6992b639859e4af9a883c788f31da1940498380cbe910a75430db798e2a2478d7c5b86905e88547b19f35b3ad118c

Download Submit
memory/2548-1-0x0000000000400000-0x0000000000605000-memory.dmp

Filesize
2.0MB

Download
memory/2548-0-0x0000000000400000-0x0000000000D9E000-memory.dmp

Filesize
9.6MB

Download
memory/2548-2-0x0000000001FA0000-0x00000000021FA000-memory.dmp

Filesize
2.4MB

Download
memory/2548-15-0x0000000000400000-0x0000000000605000-memory.dmp

Filesize
2.0MB

Download
memory/2548-16-0x00000000038A0000-0x000000000423E000-memory.dmp

Filesize
9.6MB

Download
memory/2548-34-0x00000000038A0000-0x000000000423E000-memory.dmp

Filesize
9.6MB

Download
memory/2984-21-0x0000000001FA0000-0x00000000021FA000-memory.dmp

Filesize
2.4MB

Download
memory/2984-19-0x0000000000400000-0x0000000000D9E000-memory.dmp

Filesize
9.6MB

Download
memory/2984-35-0x0000000000400000-0x0000000000D9E000-memory.dmp

Filesize
9.6MB

Download