490c9a7e688fa4a041a381b524ce4ccd82ba724b06b6244c028a469ac3a3d57e

Analysis

max time kernel
120s
max time network
157s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

02bda21c46a4a81182c69ab15760fc1b.exe
Size

353KB
MD5

02bda21c46a4a81182c69ab15760fc1b
SHA1

b21cbf1702ad6b767ff77e0db5f5a88e130aa7ef
SHA256

490c9a7e688fa4a041a381b524ce4ccd82ba724b06b6244c028a469ac3a3d57e
SHA512

f30fec6eb8fccdcd6f8d6339a53e04bb3f9f56158bfd116f8f44749c0ec0a8dd65cbc756cf6e01d322d0a2364751e15537baddfae0667a656e51c677249f67df
SSDEEP

6144:MqxeHUGsog/H0EitlZurTCnZbhgoXp+f42B0JqtUYdxfsLPrPwo+:MqxVGsowH0B3eCn1uOpJ2B0CUYTfmE

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3036	02bda21c46a4a81182c69ab15760fc1b.exe

Executes dropped EXE 1 IoCs

pid	Process
3036	02bda21c46a4a81182c69ab15760fc1b.exe

Loads dropped DLL 1 IoCs

pid	Process
2828	02bda21c46a4a81182c69ab15760fc1b.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2828-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/files/0x000300000000b1f7-16.dat	upx
behavioral1/memory/3036-17-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/memory/2828-15-0x0000000002D30000-0x0000000002E21000-memory.dmp	upx
behavioral1/files/0x000300000000b1f7-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2828	02bda21c46a4a81182c69ab15760fc1b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2828	02bda21c46a4a81182c69ab15760fc1b.exe
3036	02bda21c46a4a81182c69ab15760fc1b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 3036	2828	02bda21c46a4a81182c69ab15760fc1b.exe	19
PID 2828 wrote to memory of 3036	2828	02bda21c46a4a81182c69ab15760fc1b.exe	19
PID 2828 wrote to memory of 3036	2828	02bda21c46a4a81182c69ab15760fc1b.exe	19
PID 2828 wrote to memory of 3036	2828	02bda21c46a4a81182c69ab15760fc1b.exe	19

C:\Users\Admin\AppData\Local\Temp\02bda21c46a4a81182c69ab15760fc1b.exe
"C:\Users\Admin\AppData\Local\Temp\02bda21c46a4a81182c69ab15760fc1b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Users\Admin\AppData\Local\Temp\02bda21c46a4a81182c69ab15760fc1b.exe
  C:\Users\Admin\AppData\Local\Temp\02bda21c46a4a81182c69ab15760fc1b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\02bda21c46a4a81182c69ab15760fc1b.exe

Filesize
25KB

MD5
0f383d7574d4ca05fcc216e47ea2ed43

SHA1
bba217cb1f925a4a0607b795bceee58be0643e13

SHA256
ca026137412475d52fdafe6ccac2c8f02ed9568e913a2c8f713820246c437323

SHA512
d7bfaa21ddbbc300a68314d0ab65efe5ca06f7afd04ab27470a3385fd28ae0abe77f1aa2d7793c0e2e4b09f61972c694a6f13d48c2c4e35dbadd9adda18e2508

Download Submit
\Users\Admin\AppData\Local\Temp\02bda21c46a4a81182c69ab15760fc1b.exe

Filesize
63KB

MD5
3934fe2721ba0bb3e35334bd314d683f

SHA1
6be4b7fc392aa780bd6216d22e39fa98ecd57c2e

SHA256
5fde65354c68dafe3ba37737adced0c9297c92bbcce8fa09783969fcd8804255

SHA512
1607b9ebf5185d55ca174e3eda84237b89fcb3c2fbf44c008781fd2f8a59781b1193ac2609983d9eaa003f1187c39bca4f34edc9e0b7d68deb63e5e61f22472d

Download Submit
memory/2828-15-0x0000000002D30000-0x0000000002E21000-memory.dmp

Filesize
964KB

Download
memory/2828-1-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2828-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2828-14-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2828-2-0x00000000001F0000-0x0000000000223000-memory.dmp

Filesize
204KB

Download
memory/3036-18-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/3036-30-0x00000000002B0000-0x0000000000300000-memory.dmp

Filesize
320KB

Download
memory/3036-24-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/3036-20-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/3036-17-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/3036-31-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download