b2e742e7b8aefc3d8bb105afde938b3eee33d5e70469feabe1cbbee3982fd105

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

05d40799ee20702ec37f64d818f64ffa.exe
Size

1.3MB
MD5

05d40799ee20702ec37f64d818f64ffa
SHA1

91806e78aee452ad4592126ea61c7cca7e9b4e2e
SHA256

b2e742e7b8aefc3d8bb105afde938b3eee33d5e70469feabe1cbbee3982fd105
SHA512

ffc61e81c6ee65fe4f71a2d052125144acd8d6ce4ab47fcb3a6504a9729d1908e7078c414eae417b78f30170267e6c5a6f68d1ee359a7a6c802f2a64ac1af0b4
SSDEEP

24576:roIkiKBHGlY8Z0KqaTpTkdgR82ovhYkDgzhnMf5eLdcpMGQ+fvG:roiKxLEU6QhRwMxydck

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2872	05d40799ee20702ec37f64d818f64ffa.exe

Executes dropped EXE 1 IoCs

pid	Process
2872	05d40799ee20702ec37f64d818f64ffa.exe

Loads dropped DLL 1 IoCs

pid	Process
1920	05d40799ee20702ec37f64d818f64ffa.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1920-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a00000001225b-16.dat	upx
behavioral1/memory/2872-18-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/1920-15-0x00000000033F0000-0x000000000385A000-memory.dmp	upx
behavioral1/files/0x000a00000001225b-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1920	05d40799ee20702ec37f64d818f64ffa.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1920	05d40799ee20702ec37f64d818f64ffa.exe
2872	05d40799ee20702ec37f64d818f64ffa.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2872	1920	05d40799ee20702ec37f64d818f64ffa.exe	17
PID 1920 wrote to memory of 2872	1920	05d40799ee20702ec37f64d818f64ffa.exe	17
PID 1920 wrote to memory of 2872	1920	05d40799ee20702ec37f64d818f64ffa.exe	17
PID 1920 wrote to memory of 2872	1920	05d40799ee20702ec37f64d818f64ffa.exe	17

C:\Users\Admin\AppData\Local\Temp\05d40799ee20702ec37f64d818f64ffa.exe
"C:\Users\Admin\AppData\Local\Temp\05d40799ee20702ec37f64d818f64ffa.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Users\Admin\AppData\Local\Temp\05d40799ee20702ec37f64d818f64ffa.exe
  C:\Users\Admin\AppData\Local\Temp\05d40799ee20702ec37f64d818f64ffa.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\05d40799ee20702ec37f64d818f64ffa.exe

Filesize
14KB

MD5
d63bb8156198102c80dcc38f73feb7c3

SHA1
2fc99c2e1fc014da2289d44cc56daa4d089d7223

SHA256
e1465df7dfc5f0fe9d597c17b371131fcf8825699f1d53792515c4820d0eb152

SHA512
b6fcaad38b562f43a3df85446afd541f6eda9cb107377834a0bb10e603ceca7591707d9176f2a45fa48b3929f6b369c5d00ad685e714d2a19b9def4a26568688

Download Submit
\Users\Admin\AppData\Local\Temp\05d40799ee20702ec37f64d818f64ffa.exe

Filesize
37KB

MD5
df9ac8009e14e62ddb6fe8504f01e4a0

SHA1
1eba8ae88f5b1321b12ad8c0c21ebda32824ed03

SHA256
65c94ffc9e50b5561a5962e447d4be70e1e84744df3cf7ad8da0342bfd5f3405

SHA512
50bb94664f00351410b2bdb889ed74f5705d8059da1c12db52d7bf2e6e7bbeb289c228c23c9e73f47cdd99e8b1c05794d6d1ef99c48041173ba1f544d6239971

Download Submit
memory/1920-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1920-1-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1920-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1920-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1920-15-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2872-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2872-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2872-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2872-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download