978d64ba5b8e637eef63d2fe924d0d192b2b632bba8a12c0143e00b9237552be

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1b2b8cd57a5d88d44570411da9df85ae.exe
Size

5.8MB
MD5

1b2b8cd57a5d88d44570411da9df85ae
SHA1

910ab66d3514135f16bd8b3c1627d64ae97290fa
SHA256

978d64ba5b8e637eef63d2fe924d0d192b2b632bba8a12c0143e00b9237552be
SHA512

4925b9105d5d27f6011b7918a0110b051e7bb1c2a7bedc2744fc2beda85df7810a4e9bee31247a8e9459ad2f30ac9d3be3a2aa4479017466dbce48e7acecfeda
SSDEEP

98304:LAN+L0QkS5WaeakYbvgJhVd6e7QqvzYSwBnh0Zppynt1kYbvgJhVd6e7Q:cozkS5qgE6kFY5nCZp0tigE6k

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2352	1b2b8cd57a5d88d44570411da9df85ae.exe

Executes dropped EXE 1 IoCs

pid	Process
2352	1b2b8cd57a5d88d44570411da9df85ae.exe

Loads dropped DLL 1 IoCs

pid	Process
2068	1b2b8cd57a5d88d44570411da9df85ae.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2068-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012262-14.dat	upx
behavioral1/files/0x000b000000012262-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2068	1b2b8cd57a5d88d44570411da9df85ae.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2068	1b2b8cd57a5d88d44570411da9df85ae.exe
2352	1b2b8cd57a5d88d44570411da9df85ae.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2352	2068	1b2b8cd57a5d88d44570411da9df85ae.exe	28
PID 2068 wrote to memory of 2352	2068	1b2b8cd57a5d88d44570411da9df85ae.exe	28
PID 2068 wrote to memory of 2352	2068	1b2b8cd57a5d88d44570411da9df85ae.exe	28
PID 2068 wrote to memory of 2352	2068	1b2b8cd57a5d88d44570411da9df85ae.exe	28

C:\Users\Admin\AppData\Local\Temp\1b2b8cd57a5d88d44570411da9df85ae.exe
"C:\Users\Admin\AppData\Local\Temp\1b2b8cd57a5d88d44570411da9df85ae.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Users\Admin\AppData\Local\Temp\1b2b8cd57a5d88d44570411da9df85ae.exe
  C:\Users\Admin\AppData\Local\Temp\1b2b8cd57a5d88d44570411da9df85ae.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1b2b8cd57a5d88d44570411da9df85ae.exe

Filesize
1.0MB

MD5
262eb55dd4c1838ba293c7f880a26273

SHA1
1197ec7c71fb0942285d5c8a51692f225746bb31

SHA256
84b8e64cb732417c944f4cf4b5b58ec0a2098d5a03c97b056c1014d7e77a43f4

SHA512
aa865a9e144acae61ba55fc308a7006d2c5b7ba68dcec010bad42554242ba8b3c5b84252d33983b64f7af27c4e39c9386a44d1ebbff71e4fc0d2ef3a4f1ca73b

Download Submit
\Users\Admin\AppData\Local\Temp\1b2b8cd57a5d88d44570411da9df85ae.exe

Filesize
1.5MB

MD5
fcce4c989c8fae61ef266f7e0e965488

SHA1
05958552aca8221d5087c06313d64fbcd20756a1

SHA256
bd2821fdec8c33aa5e89934bc977ecced838491eba8d3943f8f3625cb6ce98fe

SHA512
f82a4f1b03a9e410add8f639efdf24f36a855adb9e05de238a30f5ad8e3d2833fc033fcfc2484474c03315cd1429dc84cb7e9ad585e39cb5ddd7efa3995963da

Download Submit
memory/2068-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2068-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2068-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2068-31-0x0000000003E20000-0x000000000430F000-memory.dmp

Filesize
4.9MB

Download
memory/2068-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2068-15-0x0000000003E20000-0x000000000430F000-memory.dmp

Filesize
4.9MB

Download
memory/2352-20-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2352-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2352-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2352-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2352-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2352-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download