8b42636095f1b9ee60506ba76ac407be31b91104845f7d23574afc7ff17e1b54

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
15/01/2024, 01:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5bd543819307581c1d64d71b68ae9b22.exe
Size

1.3MB
MD5

5bd543819307581c1d64d71b68ae9b22
SHA1

aeec4333eeb11b416a2194cdbef753d33fa453ee
SHA256

8b42636095f1b9ee60506ba76ac407be31b91104845f7d23574afc7ff17e1b54
SHA512

af556a3d4a754272213eb44b1c7c6a74d3c3efb2232aad546aa5dce1e040d1ff7ed7d9db8e9bcb305f19c592d02f154629d7686aa848b5efb5cecddf95f9944a
SSDEEP

24576:50Z8mCmYiFUTf0hR6pa63hWyygtGB+MB6iOSe4bupKBzXk3euFOaJ1GU9/9Us:50ZVCmYdI2pa6xIWGD6ye0upKRXWFOaB

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2248	5bd543819307581c1d64d71b68ae9b22.exe

Executes dropped EXE 1 IoCs

pid	Process
2248	5bd543819307581c1d64d71b68ae9b22.exe

Loads dropped DLL 1 IoCs

pid	Process
2384	5bd543819307581c1d64d71b68ae9b22.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000014534-10.dat	upx
behavioral1/files/0x000b000000014534-13.dat	upx
behavioral1/memory/2248-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000014534-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2384	5bd543819307581c1d64d71b68ae9b22.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2384	5bd543819307581c1d64d71b68ae9b22.exe
2248	5bd543819307581c1d64d71b68ae9b22.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2248	2384	5bd543819307581c1d64d71b68ae9b22.exe	28
PID 2384 wrote to memory of 2248	2384	5bd543819307581c1d64d71b68ae9b22.exe	28
PID 2384 wrote to memory of 2248	2384	5bd543819307581c1d64d71b68ae9b22.exe	28
PID 2384 wrote to memory of 2248	2384	5bd543819307581c1d64d71b68ae9b22.exe	28

C:\Users\Admin\AppData\Local\Temp\5bd543819307581c1d64d71b68ae9b22.exe
"C:\Users\Admin\AppData\Local\Temp\5bd543819307581c1d64d71b68ae9b22.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\5bd543819307581c1d64d71b68ae9b22.exe
  C:\Users\Admin\AppData\Local\Temp\5bd543819307581c1d64d71b68ae9b22.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5bd543819307581c1d64d71b68ae9b22.exe

Filesize
147KB

MD5
a3dfbad8c57a6dafd08b1ef7d9f5b0a4

SHA1
e6ad77ce0b4da18c8326275f78cfbb144d759eb6

SHA256
7e85d3322d68cf5b4fe6a62efeff56e763abf72fbf121debdda4273b71c5d97b

SHA512
c1c52c76b29ed7d4ab381fc50229772a5b895bc5cdd86715e203216ada043b213ff1fa30dfeb9edd82883134562b03361a52b255f17a90be1c93f0e69b713c63

Download Submit
C:\Users\Admin\AppData\Local\Temp\5bd543819307581c1d64d71b68ae9b22.exe

Filesize
199KB

MD5
4c82b6793d04c03fc9b8b9af8e94a9bb

SHA1
ff82113e4858091d788e9a1ccca3e807b4682efa

SHA256
29399b37939a92f794cf15e68c0ea8c96c182eaa68d8ddea9ad4ae4510f8647b

SHA512
c1f3e5ddb50f0aaab692378ef927d31764a9d6b2e6f8a38463684e9f8ae0fbf2da9f1f0feb55762009a5d3bd1fb36d64834af50728f673f7f50c2f78016cc98f

Download Submit
\Users\Admin\AppData\Local\Temp\5bd543819307581c1d64d71b68ae9b22.exe

Filesize
198KB

MD5
79c58c272520037c06d98182a6b8d804

SHA1
d5072a0579ec10e4a27e427621151fc7eace1e41

SHA256
df1bda4a8d312f5b8c2f1420567c32e711b034cf4668689b3b87f0999fe91cb0

SHA512
48886bd331cdc0517a6b44f9b7ff18f1de77e788aba684f3fe7d523e591d40b5e30418cb5af8ea16301d3523342c5a3970a0b980a29bb45376735cc60d59d537

Download Submit
memory/2248-19-0x0000000000280000-0x00000000003B1000-memory.dmp

Filesize
1.2MB

Download
memory/2248-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2248-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2248-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2248-26-0x00000000034F0000-0x0000000003712000-memory.dmp

Filesize
2.1MB

Download
memory/2248-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2384-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2384-3-0x0000000000260000-0x0000000000391000-memory.dmp

Filesize
1.2MB

Download
memory/2384-15-0x0000000003730000-0x0000000003C17000-memory.dmp

Filesize
4.9MB

Download
memory/2384-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2384-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2384-31-0x0000000003730000-0x0000000003C17000-memory.dmp

Filesize
4.9MB

Download