aa70757781862362bd4fae8abe77bc9cf3f72bb4a8d8e265f11308d875390fae

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40b8596fe0b63ce0b4c5d3486af69aab.exe
Size

2.9MB
MD5

40b8596fe0b63ce0b4c5d3486af69aab
SHA1

b8ddb3807abad21e4b9e7b616b659aefe9186f0f
SHA256

aa70757781862362bd4fae8abe77bc9cf3f72bb4a8d8e265f11308d875390fae
SHA512

cac38a48945fa000a06aa1ac65ba4aa685e10d3feaf1aebb72530eb9e183b10cd4bf8157fd0e167345adb04d7f5e4fdbda37fa1d014d1a084055730d2930b612
SSDEEP

49152:QjIwooyvk/kGX5PRxisfNdwmBNAagdoSwnE4GWasXmKE1YVFw7c+1mpEyPh38:ZweM/kGX37fNJ1qf4GWdXlE1iFv+S78

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2280	40b8596fe0b63ce0b4c5d3486af69aab.exe

Executes dropped EXE 1 IoCs

pid	Process
2280	40b8596fe0b63ce0b4c5d3486af69aab.exe

Loads dropped DLL 1 IoCs

pid	Process
1668	40b8596fe0b63ce0b4c5d3486af69aab.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1668-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00070000000122c9-12.dat	upx
behavioral1/files/0x00070000000122c9-13.dat	upx
behavioral1/files/0x00070000000122c9-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1668	40b8596fe0b63ce0b4c5d3486af69aab.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1668	40b8596fe0b63ce0b4c5d3486af69aab.exe
2280	40b8596fe0b63ce0b4c5d3486af69aab.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2280	1668	40b8596fe0b63ce0b4c5d3486af69aab.exe	28
PID 1668 wrote to memory of 2280	1668	40b8596fe0b63ce0b4c5d3486af69aab.exe	28
PID 1668 wrote to memory of 2280	1668	40b8596fe0b63ce0b4c5d3486af69aab.exe	28
PID 1668 wrote to memory of 2280	1668	40b8596fe0b63ce0b4c5d3486af69aab.exe	28

C:\Users\Admin\AppData\Local\Temp\40b8596fe0b63ce0b4c5d3486af69aab.exe
"C:\Users\Admin\AppData\Local\Temp\40b8596fe0b63ce0b4c5d3486af69aab.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Users\Admin\AppData\Local\Temp\40b8596fe0b63ce0b4c5d3486af69aab.exe
  C:\Users\Admin\AppData\Local\Temp\40b8596fe0b63ce0b4c5d3486af69aab.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\40b8596fe0b63ce0b4c5d3486af69aab.exe

Filesize
860KB

MD5
c36155847d95e21a0d74ceafc18237c3

SHA1
197defc26088a6c1fa39d6bd59a625806a3a7db4

SHA256
bce1d424b7c4b890ebb19ea375c87b3628ef992088a9c68fb59cfcdcf3c6f34e

SHA512
f775a25bf7b0524423bc02ad32d7ac7b3561793753af3d43bb1b7646ecf782ec10c98407271e325941494ca53c18a18d49f4e6583813c072aed4577e0c769bac

Download Submit
C:\Users\Admin\AppData\Local\Temp\40b8596fe0b63ce0b4c5d3486af69aab.exe

Filesize
382KB

MD5
7ea8a6fcbcec9cc4fb16a1d5dffdd5ad

SHA1
1ad1759dd205512d47c2952ac37000176278c9ef

SHA256
e3a78bf205e1f9a985a8504f22e937b31a54e0191995fa20e894a2d153206a87

SHA512
a5a850c9093fce054c83dd68513ab21f600c8e7264e44f5577907735bf594d7f546047b9744d74c00e62785194974d879b74006b6ac731723488cc7c53138c87

Download Submit
\Users\Admin\AppData\Local\Temp\40b8596fe0b63ce0b4c5d3486af69aab.exe

Filesize
894KB

MD5
560a26ac5d05d01c07a892ec07f26abb

SHA1
387e4adfc5a294adbc6621ebe48bdb71a735cb0c

SHA256
01ab8534575a9c708fd55effefe103e6d263d526142f755b3a2e13cf5e9ada0a

SHA512
732314ffb344a0ac3584e0942a183bf3fcc8767ecb5b268d7099226bc80b2c5189f09c7f5eb889e5377a683523bb6e025b0a143bc1b83f4771a24879a965930e

Download Submit
memory/1668-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1668-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1668-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1668-2-0x00000000002C0000-0x00000000003F3000-memory.dmp

Filesize
1.2MB

Download
memory/2280-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2280-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2280-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2280-24-0x0000000003420000-0x000000000364A000-memory.dmp

Filesize
2.2MB

Download
memory/2280-16-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2280-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download