36c6dc98e64c7de884874c47520d68163f01847afee0b782ccfa2306062fa116

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
15/01/2024, 02:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bef891654831f5109131dba1fdb7bd9.exe
Size

2.9MB
MD5

5bef891654831f5109131dba1fdb7bd9
SHA1

e28100e8b5315d0b62b8f523060cb47d7e0940a0
SHA256

36c6dc98e64c7de884874c47520d68163f01847afee0b782ccfa2306062fa116
SHA512

f47c15f87ea9c7272218f4e02402de0de5efcfd6d38d396e5bb95cbb0c3abc04e3e0a394c0f0e1146794729a2034f212cf4de2df468e8e235305ab86b89945c4
SSDEEP

49152:ze83fD/dn/HztKX8FSEGUCwmWJ9zi5KQQN74NH5HUyNRcUsCVOzetdZJ:C837lM8FvGU4Yzi5KQQ4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1672	5bef891654831f5109131dba1fdb7bd9.exe

Executes dropped EXE 1 IoCs

pid	Process
1672	5bef891654831f5109131dba1fdb7bd9.exe

Loads dropped DLL 1 IoCs

pid	Process
2520	5bef891654831f5109131dba1fdb7bd9.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2520-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000122e9-10.dat	upx
behavioral1/memory/1672-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000122e9-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2520	5bef891654831f5109131dba1fdb7bd9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2520	5bef891654831f5109131dba1fdb7bd9.exe
1672	5bef891654831f5109131dba1fdb7bd9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 1672	2520	5bef891654831f5109131dba1fdb7bd9.exe	28
PID 2520 wrote to memory of 1672	2520	5bef891654831f5109131dba1fdb7bd9.exe	28
PID 2520 wrote to memory of 1672	2520	5bef891654831f5109131dba1fdb7bd9.exe	28
PID 2520 wrote to memory of 1672	2520	5bef891654831f5109131dba1fdb7bd9.exe	28

C:\Users\Admin\AppData\Local\Temp\5bef891654831f5109131dba1fdb7bd9.exe
"C:\Users\Admin\AppData\Local\Temp\5bef891654831f5109131dba1fdb7bd9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Users\Admin\AppData\Local\Temp\5bef891654831f5109131dba1fdb7bd9.exe
  C:\Users\Admin\AppData\Local\Temp\5bef891654831f5109131dba1fdb7bd9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5bef891654831f5109131dba1fdb7bd9.exe

Filesize
1.8MB

MD5
b37cc08b5d8eab8e05ff3c13756cecfe

SHA1
9dab06b123bbe12fc86fa6a005aa577e17d23bec

SHA256
f96d2c37b5bad01ec8df71517d08dd17082975adeaea131a3a93777553d04b83

SHA512
6cccedf3d6193cf169cc9456566f34a8ca79f90c7b521313ee13b2ed41ca21021a11195c7635801466ef8df7a088148737adcec75226fbe3c9abaa272183c2ef

Download Submit
\Users\Admin\AppData\Local\Temp\5bef891654831f5109131dba1fdb7bd9.exe

Filesize
1.6MB

MD5
9caa13fa87ae9523d5f41f9e7a44cfb6

SHA1
f04f0abd3f665b54fb07215b1811e96cae175c8b

SHA256
e42256c9de65517e50ca87735b3d7bd3475a83c7e33bcc9f72611a8b61d1c79a

SHA512
44864f7436ae14c11cca05188a201beea8c2af51d3b076bdb1d35ff9786f4449211b287c125ec03baac8e612d5ce1202428754fbda7af458e7daf165f83c4d42

Download Submit
memory/1672-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1672-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/1672-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1672-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1672-24-0x00000000035C0000-0x00000000037EA000-memory.dmp

Filesize
2.2MB

Download
memory/1672-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2520-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2520-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2520-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2520-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2520-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2520-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download