883ecdd5fd15ac33223b0b869e89303d38ee4c6b2f79e44f8c467f8ea6767a76

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ba1e0cafd6796819159b985d33e2f7c.exe
Size

5.8MB
MD5

4ba1e0cafd6796819159b985d33e2f7c
SHA1

3a1e6f6ab9bea565a67ed85652c65f35df62405d
SHA256

883ecdd5fd15ac33223b0b869e89303d38ee4c6b2f79e44f8c467f8ea6767a76
SHA512

8572e5b770566741511ccd8744b5e076bc998aea11e5e6498f64b163041e8351cb6996e2769d8998162b2d66eb8f2cb568b4fa6902aa4c0f64393b1c04e920e3
SSDEEP

98304:dpl9t0Y0d6fEEg1mgg3gnl/IVUs1jePsxLTCEXIDSdVfHPJ7zh0ygg3gnl/IVUsn:dz9tvZxg8gl/iBiPeTCEXamxHP70Wgll

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3048	4ba1e0cafd6796819159b985d33e2f7c.exe

Executes dropped EXE 1 IoCs

pid	Process
3048	4ba1e0cafd6796819159b985d33e2f7c.exe

Loads dropped DLL 1 IoCs

pid	Process
2932	4ba1e0cafd6796819159b985d33e2f7c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2932-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000015c46-15.dat	upx
behavioral1/files/0x0009000000015c46-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2932	4ba1e0cafd6796819159b985d33e2f7c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2932	4ba1e0cafd6796819159b985d33e2f7c.exe
3048	4ba1e0cafd6796819159b985d33e2f7c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3048	2932	4ba1e0cafd6796819159b985d33e2f7c.exe	19
PID 2932 wrote to memory of 3048	2932	4ba1e0cafd6796819159b985d33e2f7c.exe	19
PID 2932 wrote to memory of 3048	2932	4ba1e0cafd6796819159b985d33e2f7c.exe	19
PID 2932 wrote to memory of 3048	2932	4ba1e0cafd6796819159b985d33e2f7c.exe	19

C:\Users\Admin\AppData\Local\Temp\4ba1e0cafd6796819159b985d33e2f7c.exe
"C:\Users\Admin\AppData\Local\Temp\4ba1e0cafd6796819159b985d33e2f7c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Users\Admin\AppData\Local\Temp\4ba1e0cafd6796819159b985d33e2f7c.exe
  C:\Users\Admin\AppData\Local\Temp\4ba1e0cafd6796819159b985d33e2f7c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\4ba1e0cafd6796819159b985d33e2f7c.exe

Filesize
1.4MB

MD5
2918ee9e7334396c44a3c0bf1fc2176c

SHA1
680d5fe983103b468fa5e87f1694ff132a68a8c3

SHA256
66c362ceabe0bf97603f1501fc0373d03771ee3f6eb67795b18e1f31cc8e8e68

SHA512
6c2829235a6847d2d824dab63248788bb8ce3e2b25f5dab3f5bd63c18d8a730b186c5013b05ae7c15c12e2558c5092831e273323598c15ff92669e057d4711a3

Download Submit
\Users\Admin\AppData\Local\Temp\4ba1e0cafd6796819159b985d33e2f7c.exe

Filesize
382KB

MD5
7eb9bc2081ede4b87a52d8a0e8478c40

SHA1
078ed33cb898218c1b34d4c672d131e63e3083c4

SHA256
1cf4f684c1ff613b0327bbf8743de074a5af644595dcfeae510d54b5a011fff2

SHA512
0d7acab9711ae44beb38b7317b382a543a302c27333060ed5afccbf824c88c264db98b1cf334974847c60d988f09450c44b6c3cc5a88e6d105b310417f539f81

Download Submit
memory/2932-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2932-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2932-14-0x0000000003EC0000-0x00000000043AF000-memory.dmp

Filesize
4.9MB

Download
memory/2932-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2932-3-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2932-31-0x0000000003EC0000-0x00000000043AF000-memory.dmp

Filesize
4.9MB

Download
memory/3048-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3048-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3048-20-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/3048-26-0x0000000003420000-0x000000000364A000-memory.dmp

Filesize
2.2MB

Download
memory/3048-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3048-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download