35398368ee410518ef977777c30250ffdfc7e1363aaa76288b735d1b86809c12

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b79ffb85541e3b859a6bbff12552da4.exe
Size

1.5MB
MD5

2b79ffb85541e3b859a6bbff12552da4
SHA1

d24187073bff821143d06a2d5c731889ecaa0d05
SHA256

35398368ee410518ef977777c30250ffdfc7e1363aaa76288b735d1b86809c12
SHA512

5f6855598352a2e4d9ef717f3b486ebf7611f52bbb091057c05445e0d28a95511d835735d2faa3de7b86548ff3d1f66859e606128da601a8229133131d279c35
SSDEEP

24576:t7cF0xWgPWuTxRlTCyhi6AH3Nch2kv+f/U1UMSlz21t1ouUW:tLxWwX3lDhRa9cP+fcWMCz21tW

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2772	2b79ffb85541e3b859a6bbff12552da4.exe

Executes dropped EXE 1 IoCs

pid	Process
2772	2b79ffb85541e3b859a6bbff12552da4.exe

Loads dropped DLL 1 IoCs

pid	Process
2888	2b79ffb85541e3b859a6bbff12552da4.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2888-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00090000000146c0-13.dat	upx
behavioral1/files/0x00090000000146c0-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2888	2b79ffb85541e3b859a6bbff12552da4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2888	2b79ffb85541e3b859a6bbff12552da4.exe
2772	2b79ffb85541e3b859a6bbff12552da4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2772	2888	2b79ffb85541e3b859a6bbff12552da4.exe	16
PID 2888 wrote to memory of 2772	2888	2b79ffb85541e3b859a6bbff12552da4.exe	16
PID 2888 wrote to memory of 2772	2888	2b79ffb85541e3b859a6bbff12552da4.exe	16
PID 2888 wrote to memory of 2772	2888	2b79ffb85541e3b859a6bbff12552da4.exe	16

C:\Users\Admin\AppData\Local\Temp\2b79ffb85541e3b859a6bbff12552da4.exe
C:\Users\Admin\AppData\Local\Temp\2b79ffb85541e3b859a6bbff12552da4.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2772

C:\Users\Admin\AppData\Local\Temp\2b79ffb85541e3b859a6bbff12552da4.exe
"C:\Users\Admin\AppData\Local\Temp\2b79ffb85541e3b859a6bbff12552da4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2b79ffb85541e3b859a6bbff12552da4.exe

Filesize
381KB

MD5
007799b68069b51cfe936ad1baacc556

SHA1
b2bfd6df1387c06296a40555be4184b2e97bad20

SHA256
3e155c575833f345223ff118058b9dfe0d57ef22f8f0302b17e081e07472ec66

SHA512
e3606dab7e7517eaed375720b328c3e21370214b41cea66ba8def3b0abfcae1dc35ed47a04a8b3572f15b87d63400bd4145c3ee52fdf410296915287fad84c20

Download Submit
\Users\Admin\AppData\Local\Temp\2b79ffb85541e3b859a6bbff12552da4.exe

Filesize
93KB

MD5
0031bde918c7ee731aaef30cdcf1cfe2

SHA1
cf8d29556812f63edbbf273787e5fb6e74c8d268

SHA256
9f79291f2e9427287496d1a6cc8ca7ac380a53c1a8b5e9042323a45bcbc270d9

SHA512
7c2f0e7dcb6238b3db1cfbe488dc530cb39c252e41de3a6710213bca70e2a9dfe3ab5037c2bd42977b98e63e16404424a1a3f4061f6f59b7184ac609821be226

Download Submit
memory/2772-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2772-23-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2772-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2772-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2772-15-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2772-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2888-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2888-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2888-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2888-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download