b482cbf57cd402f6cb749ea366847f61bda9c89f8416bca69c99c5cb9d0bb652

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58e5b8e8954bfeed88c2c0f77ff5b85d.exe
Size

5.3MB
MD5

58e5b8e8954bfeed88c2c0f77ff5b85d
SHA1

bad536c9ca42be09a52bc50517a3ed84cdb1a3ee
SHA256

b482cbf57cd402f6cb749ea366847f61bda9c89f8416bca69c99c5cb9d0bb652
SHA512

ee4e70bea73f9c1314f6ea2065f58c38f9cd88d9fc92a132db746f50b019c7b5cd233b3747d15c53021ad530cc321f41c817b40053d26e7e88032a97fac8a146
SSDEEP

98304:e2LhfaOJyMAarWPBhiqkrd7uwq6WGSjodFirUx0L6BiFWPBhiqkrd7uwq6WGSp:bhfaOJ8JJhFkrrWGZioxy6VJhFkrrWGs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2260	58e5b8e8954bfeed88c2c0f77ff5b85d.exe

Executes dropped EXE 1 IoCs

pid	Process
2260	58e5b8e8954bfeed88c2c0f77ff5b85d.exe

Loads dropped DLL 1 IoCs

pid	Process
1664	58e5b8e8954bfeed88c2c0f77ff5b85d.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1664-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001225d-10.dat	upx
behavioral1/files/0x000b00000001225d-12.dat	upx
behavioral1/files/0x000b00000001225d-15.dat	upx
behavioral1/memory/1664-14-0x0000000003CD0000-0x00000000041BF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1664	58e5b8e8954bfeed88c2c0f77ff5b85d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1664	58e5b8e8954bfeed88c2c0f77ff5b85d.exe
2260	58e5b8e8954bfeed88c2c0f77ff5b85d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2260	1664	58e5b8e8954bfeed88c2c0f77ff5b85d.exe	28
PID 1664 wrote to memory of 2260	1664	58e5b8e8954bfeed88c2c0f77ff5b85d.exe	28
PID 1664 wrote to memory of 2260	1664	58e5b8e8954bfeed88c2c0f77ff5b85d.exe	28
PID 1664 wrote to memory of 2260	1664	58e5b8e8954bfeed88c2c0f77ff5b85d.exe	28

C:\Users\Admin\AppData\Local\Temp\58e5b8e8954bfeed88c2c0f77ff5b85d.exe
"C:\Users\Admin\AppData\Local\Temp\58e5b8e8954bfeed88c2c0f77ff5b85d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Users\Admin\AppData\Local\Temp\58e5b8e8954bfeed88c2c0f77ff5b85d.exe
  C:\Users\Admin\AppData\Local\Temp\58e5b8e8954bfeed88c2c0f77ff5b85d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\58e5b8e8954bfeed88c2c0f77ff5b85d.exe

Filesize
323KB

MD5
890a25d154eb651240715f36067eb8b7

SHA1
02f0596561860b4fb2b6ded798fb4f7735718b46

SHA256
0a3e31c2e0c3ee776f2808ad949bf4b65cf174ef32c11ba0aad18891eccad907

SHA512
3b14acee6fb5041d33a9e0a56470770a1ec7f80469b53d024cb8b8d6ba5977c99ca77e214d94c5057d4325d898532592b3eb6f3ad8cb8d5cc1194400a90a4325

Download Submit
C:\Users\Admin\AppData\Local\Temp\58e5b8e8954bfeed88c2c0f77ff5b85d.exe

Filesize
294KB

MD5
e940bd6214ee43ff490a8344481a0f89

SHA1
410d31dc3b6355746728c7d3d4ced9e0e4bd0654

SHA256
58196c019599415f4e249febe9d23e221b7f5a971d0690a76512e4140e07fae3

SHA512
f7ba7359afaf68387f59d68d38bae61498d34529768b32e0c687e851d922a9b01ea2f74368ac249030f5832dca969de6af931cab3d6a982a2609ebab2230902a

Download Submit
\Users\Admin\AppData\Local\Temp\58e5b8e8954bfeed88c2c0f77ff5b85d.exe

Filesize
574KB

MD5
8b39bee6978c55748f653ffec47d9de1

SHA1
831a7595fd13e591e85b07b05bd94bcb0c793924

SHA256
95d73b1bcb6a4536c09b997b323ee4e3a5e8d8e5c22407aa768ac14f844907bc

SHA512
70e46ba50bf9616274f500eb195a6056a64da00957d406975db138a25f76ac17c4a150fc251a75e5990c0623804f82197cdbaaf1eab0003d3184e4583f58d7d8

Download Submit
memory/1664-14-0x0000000003CD0000-0x00000000041BF000-memory.dmp

Filesize
4.9MB

Download
memory/1664-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1664-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1664-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1664-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2260-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2260-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2260-20-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2260-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2260-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2260-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download