9b5aa62c8444bfa39a972ff9058927e0a9e70cfec7fc9536995ceeb1e291e789

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 20:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1bd74fc18f86b50ecf1d4cd34442ac32.exe
Size

2.7MB
MD5

1bd74fc18f86b50ecf1d4cd34442ac32
SHA1

863a287e206e977ceacb46691f190c7f4fb28d75
SHA256

9b5aa62c8444bfa39a972ff9058927e0a9e70cfec7fc9536995ceeb1e291e789
SHA512

6f1c193617bc3b7345152781308f028a0be11ae14263e4e00e5f9372e8eb5d61e4a385cdac0bef19e8f2b2289bbbe7ff2a85b84027e9b3f8fafa561b20fb385e
SSDEEP

49152:vKug24woXXdHORZz83aEqNVcQzuhIpwlGkAAE0e5kbS:224bN6ZGaEqKsxAEh5kbS

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3040	1bd74fc18f86b50ecf1d4cd34442ac32.exe

Executes dropped EXE 1 IoCs

pid	Process
3040	1bd74fc18f86b50ecf1d4cd34442ac32.exe

Loads dropped DLL 1 IoCs

pid	Process
2084	1bd74fc18f86b50ecf1d4cd34442ac32.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2084-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0009000000012252-11.dat	upx
behavioral1/memory/3040-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/2084-16-0x0000000003820000-0x0000000003C8A000-memory.dmp	upx
behavioral1/files/0x0009000000012252-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2084	1bd74fc18f86b50ecf1d4cd34442ac32.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2084	1bd74fc18f86b50ecf1d4cd34442ac32.exe
3040	1bd74fc18f86b50ecf1d4cd34442ac32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 3040	2084	1bd74fc18f86b50ecf1d4cd34442ac32.exe	17
PID 2084 wrote to memory of 3040	2084	1bd74fc18f86b50ecf1d4cd34442ac32.exe	17
PID 2084 wrote to memory of 3040	2084	1bd74fc18f86b50ecf1d4cd34442ac32.exe	17
PID 2084 wrote to memory of 3040	2084	1bd74fc18f86b50ecf1d4cd34442ac32.exe	17

C:\Users\Admin\AppData\Local\Temp\1bd74fc18f86b50ecf1d4cd34442ac32.exe
"C:\Users\Admin\AppData\Local\Temp\1bd74fc18f86b50ecf1d4cd34442ac32.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\1bd74fc18f86b50ecf1d4cd34442ac32.exe
  C:\Users\Admin\AppData\Local\Temp\1bd74fc18f86b50ecf1d4cd34442ac32.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1bd74fc18f86b50ecf1d4cd34442ac32.exe

Filesize
1KB

MD5
b53022f53362b250f8e35d2a428f110f

SHA1
59f84b52c510696015c26af578d52c15bfaa4f8b

SHA256
7ac9381c68227b3dc7e17bc991cd28a11667e8a6ca548fd846f4b981f5ee435b

SHA512
3a6308dd6d06c1d7e152eeaa7a98c7b1d623dabe10bcb4a8163112ebb101fa99ab3f6410d6c49cfe8d33c8f89b6275aa25576b15ee711d08f2f2233a7a8457d5

Download Submit
\Users\Admin\AppData\Local\Temp\1bd74fc18f86b50ecf1d4cd34442ac32.exe

Filesize
8KB

MD5
b57f5940c9cc49d842920a0952007206

SHA1
c71006f91eaaf20b5b6fa453d5cbed124ae251a0

SHA256
a5e7a5d1c828b5b948c398fd988f2c5be9f0e2d0b961fedfeb963befc8b9750e

SHA512
d699f7cca313588a35a53af217d393c66b501cdef4d35110b7ef1d0ef2f430c4830c490bf5a9958be5f46d7ddd2eb5558e3b94093f760e3d70876c79b8a8eeff

Download Submit
memory/2084-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2084-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2084-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2084-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2084-16-0x0000000003820000-0x0000000003C8A000-memory.dmp

Filesize
4.4MB

Download
memory/2084-26-0x0000000003820000-0x0000000003C8A000-memory.dmp

Filesize
4.4MB

Download
memory/3040-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3040-19-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/3040-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3040-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download