30cb4cf59123f3be7d8c357307d5347361794c0bb9f5aefe3ccc34950187cdcd

Analysis

max time kernel
117s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

09bf15384202a74d1df984892ef18a47.exe
Size

1.3MB
MD5

09bf15384202a74d1df984892ef18a47
SHA1

e6a3ffe9ad836640b7c93dfab6f874755942c643
SHA256

30cb4cf59123f3be7d8c357307d5347361794c0bb9f5aefe3ccc34950187cdcd
SHA512

27aa5bff7e45bfc035792e0597285eff42c3b53fbdf38e730f2f96fc5ecf53c6f55b78dc80eceef306c1c51d908b7a7ba4d422fd96f9ba27c2fcdcb2aa3e749a
SSDEEP

24576:YOm9r/kgDB57/WZDkTa+lgzQPB8JgHrfMMwfl9jvLwk2vAWuU9/9Us:YO0/kgDL/n+wgzQp8gHr2l9jkkZWBR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2360	09bf15384202a74d1df984892ef18a47.exe

Executes dropped EXE 1 IoCs

pid	Process
2360	09bf15384202a74d1df984892ef18a47.exe

Loads dropped DLL 1 IoCs

pid	Process
2132	09bf15384202a74d1df984892ef18a47.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2132-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012255-10.dat	upx
behavioral1/memory/2132-14-0x0000000003480000-0x0000000003967000-memory.dmp	upx
behavioral1/files/0x000a000000012255-15.dat	upx
behavioral1/memory/2360-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012255-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2132	09bf15384202a74d1df984892ef18a47.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2132	09bf15384202a74d1df984892ef18a47.exe
2360	09bf15384202a74d1df984892ef18a47.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2360	2132	09bf15384202a74d1df984892ef18a47.exe	28
PID 2132 wrote to memory of 2360	2132	09bf15384202a74d1df984892ef18a47.exe	28
PID 2132 wrote to memory of 2360	2132	09bf15384202a74d1df984892ef18a47.exe	28
PID 2132 wrote to memory of 2360	2132	09bf15384202a74d1df984892ef18a47.exe	28

C:\Users\Admin\AppData\Local\Temp\09bf15384202a74d1df984892ef18a47.exe
"C:\Users\Admin\AppData\Local\Temp\09bf15384202a74d1df984892ef18a47.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\09bf15384202a74d1df984892ef18a47.exe
  C:\Users\Admin\AppData\Local\Temp\09bf15384202a74d1df984892ef18a47.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\09bf15384202a74d1df984892ef18a47.exe

Filesize
313KB

MD5
cac79d9503e2acadacc2b54877d09230

SHA1
e7a6cc50e5b552de45ca7a63c0c12ac1fac81c2d

SHA256
9389550425cf5d90f770a3d8588da8c456aefb26ef818e02774a2e31d02a38be

SHA512
fab02bc4dec32f630172c4b90721ce1368d8db4b3ff1ad8be138b02c484b4623a0f61126a2a7f0fe2db91f4fbb10f755ea704753a622576083ce771f0cda612c

Download Submit
C:\Users\Admin\AppData\Local\Temp\09bf15384202a74d1df984892ef18a47.exe

Filesize
370KB

MD5
bf9c1a85c626631a561e1399fa43b721

SHA1
84e320055bbc77dae63390db638dc27f41681866

SHA256
2d3de737bd0906ba10dde0819f54787f6b37ba8f8c06270c9ae865aa4a0de7ea

SHA512
0962f24b424df3db087532e37a7c30568a6097df317225d04b7b3914cc62f2b8a1642bf4ef024a375288726837999f699ee2ff0d305ec527fd05c3182808c383

Download Submit
\Users\Admin\AppData\Local\Temp\09bf15384202a74d1df984892ef18a47.exe

Filesize
627KB

MD5
1face9e617c91f4243f751c010124696

SHA1
b56cc36c12c990e473e2517c5ec20238e6124990

SHA256
5bf535b523dbc629962f3a441b863fb3a298f5793efb0a98f1232d6428b5555b

SHA512
7adb81c64d3572449b91d9e97bf91937ea8dd00437af1bedb595dfc8f9fb4bcfe7efa21242abd7218774693a44d53ce279f5e8ead73fa477d47571b14ea48634

Download Submit
memory/2132-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2132-14-0x0000000003480000-0x0000000003967000-memory.dmp

Filesize
4.9MB

Download
memory/2132-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2132-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2132-2-0x00000000002B0000-0x00000000003E1000-memory.dmp

Filesize
1.2MB

Download
memory/2360-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2360-19-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2360-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2360-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2360-26-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2360-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download