b38d882a88bed38f31e0cba7d0ef3226606e8807eec0d70c1fca6982a675fb16

Analysis

max time kernel
122s
max time network
162s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50779cf75376bc2a806f237c2dba6509.exe
Size

5.8MB
MD5

50779cf75376bc2a806f237c2dba6509
SHA1

b2057fe5563d61bf5f8a54abf423da81b5984a43
SHA256

b38d882a88bed38f31e0cba7d0ef3226606e8807eec0d70c1fca6982a675fb16
SHA512

554b5c000be5a73fb46d353c31da1fc5d4ef70a7bdc485d2d5fc832423a48ade8cdc5470216d78d57a133105560dbaae8b8e878d3560f49b9cec8c807c2be319
SSDEEP

98304:HqsIPAaPdoyF8JGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:HGr/FGGhRaaCkN9qHGhRa

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1732	50779cf75376bc2a806f237c2dba6509.exe

Executes dropped EXE 1 IoCs

pid	Process
1732	50779cf75376bc2a806f237c2dba6509.exe

Loads dropped DLL 1 IoCs

pid	Process
2228	50779cf75376bc2a806f237c2dba6509.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2228-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0003000000004ed5-11.dat	upx
behavioral1/memory/1732-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0003000000004ed5-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2228	50779cf75376bc2a806f237c2dba6509.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2228	50779cf75376bc2a806f237c2dba6509.exe
1732	50779cf75376bc2a806f237c2dba6509.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1732	2228	50779cf75376bc2a806f237c2dba6509.exe	29
PID 2228 wrote to memory of 1732	2228	50779cf75376bc2a806f237c2dba6509.exe	29
PID 2228 wrote to memory of 1732	2228	50779cf75376bc2a806f237c2dba6509.exe	29
PID 2228 wrote to memory of 1732	2228	50779cf75376bc2a806f237c2dba6509.exe	29

C:\Users\Admin\AppData\Local\Temp\50779cf75376bc2a806f237c2dba6509.exe
"C:\Users\Admin\AppData\Local\Temp\50779cf75376bc2a806f237c2dba6509.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\50779cf75376bc2a806f237c2dba6509.exe
  C:\Users\Admin\AppData\Local\Temp\50779cf75376bc2a806f237c2dba6509.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\50779cf75376bc2a806f237c2dba6509.exe

Filesize
1.2MB

MD5
1be564382d035b9f836826afd3714c81

SHA1
0a66707cecf11e4466ab5f719bcf508a6321aa56

SHA256
27b9e4b3297e7bc204197a8a5a74b07404052bde73ed64115f70be4e9c3d9256

SHA512
eb80a819b3dc30fb0113ed143362170adf71ad50e5736be08910913fed8c4e3880c07a45cf0921d9a28b848fc9b49c7e45444909357a202d248cbf2b4f2d3630

Download Submit
\Users\Admin\AppData\Local\Temp\50779cf75376bc2a806f237c2dba6509.exe

Filesize
5.1MB

MD5
433347f487b6cc2e02eadb6ab0ffa651

SHA1
406efcf99f160599a814275d3f6206ae4d27659d

SHA256
75378b39cb6168d07e1b69a076cd48aca9486900da53f8a1ffaf20c3e8699eba

SHA512
67d4935b0f8eaef80491376100561ec9d978c1f3ff050cbd6807742e78dc4edc3a6966b99af6ae3fb40fba0914fa4ed990479d97455560df19cf9f5559377b73

Download Submit
memory/1732-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1732-25-0x0000000003520000-0x000000000374A000-memory.dmp

Filesize
2.2MB

Download
memory/1732-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1732-19-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/1732-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1732-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2228-10-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2228-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2228-13-0x0000000003F60000-0x000000000444F000-memory.dmp

Filesize
4.9MB

Download
memory/2228-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2228-4-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2228-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download