a1d1158377adb16837fb6ba9834b787252c43642d675ee63d080745675e8a538

Analysis

max time kernel
120s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 03:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fbfbe826e08a2a271f84a33560cd2a5.exe
Size

2.9MB
MD5

3fbfbe826e08a2a271f84a33560cd2a5
SHA1

619136c0bd209936fd68a714ee98e544f188c2eb
SHA256

a1d1158377adb16837fb6ba9834b787252c43642d675ee63d080745675e8a538
SHA512

a37eccaf7d4461c1a98d71cacf44f5f130409a42ab183a6accd399be7219a7fdce795210a8ed5243e2754a2189f7584ff5e9c36612c673bfa17b5cd20c78bec3
SSDEEP

49152:GlVLUg1iuc8NHB/ZJG4RNfkOynzngGnhD19I8P4M338dB2IBlGuuDVUsdxxjeQZ5:GlxU8iB8/1RNfMnznpvbgg3gnl/IVUsn

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1340	3fbfbe826e08a2a271f84a33560cd2a5.exe

Executes dropped EXE 1 IoCs

pid	Process
1340	3fbfbe826e08a2a271f84a33560cd2a5.exe

Loads dropped DLL 1 IoCs

pid	Process
2144	3fbfbe826e08a2a271f84a33560cd2a5.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2144-2-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012252-10.dat	upx
behavioral1/files/0x0009000000012252-13.dat	upx
behavioral1/memory/1340-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2144	3fbfbe826e08a2a271f84a33560cd2a5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2144	3fbfbe826e08a2a271f84a33560cd2a5.exe
1340	3fbfbe826e08a2a271f84a33560cd2a5.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 1340	2144	3fbfbe826e08a2a271f84a33560cd2a5.exe	28
PID 2144 wrote to memory of 1340	2144	3fbfbe826e08a2a271f84a33560cd2a5.exe	28
PID 2144 wrote to memory of 1340	2144	3fbfbe826e08a2a271f84a33560cd2a5.exe	28
PID 2144 wrote to memory of 1340	2144	3fbfbe826e08a2a271f84a33560cd2a5.exe	28

C:\Users\Admin\AppData\Local\Temp\3fbfbe826e08a2a271f84a33560cd2a5.exe
"C:\Users\Admin\AppData\Local\Temp\3fbfbe826e08a2a271f84a33560cd2a5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Users\Admin\AppData\Local\Temp\3fbfbe826e08a2a271f84a33560cd2a5.exe
  C:\Users\Admin\AppData\Local\Temp\3fbfbe826e08a2a271f84a33560cd2a5.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3fbfbe826e08a2a271f84a33560cd2a5.exe

Filesize
433KB

MD5
3b0bffa0e195edd82271a0ad627f7533

SHA1
15af3713966861834902609e1ed28e123c4b054c

SHA256
e14b9c2437f5ddea99a1b0e0210b0837920f5aaa465680eb778cce80b95c3800

SHA512
e9a541332d4632037ab64e86d7b96ee367d6a2e0c59d64a89f322039e0b5e15f217f3aadfc621c40dc6a375285abb0614ee1cc3ddc4b8912e5dae26796e301cd

Download Submit
\Users\Admin\AppData\Local\Temp\3fbfbe826e08a2a271f84a33560cd2a5.exe

Filesize
455KB

MD5
76ae357cbe339da6bc1bb34fa4652e53

SHA1
302c7e87877049f3d1a2e6432177366268da084c

SHA256
e5986221b6489668afe4b9280ad2706df62c0a4817fad6a7d120b8691e80b5cb

SHA512
77b68d6143e35d8262509470f82352f059ea5f141b4b9f79fc61d47ac0abaad2a10c2f498b085f4aac6fe8fd76eaa65d392429736ef9c235e05cbffe5a941014

Download Submit
memory/1340-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1340-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1340-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1340-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1340-26-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1340-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2144-4-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2144-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2144-2-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2144-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2144-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2144-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download