b169342b97a3aa28478eaddec3f745e04739b8401f24f444a6846bbe5e5d01ec

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79baef261f0444657e0f52e19bdb50e3.exe
Size

2.9MB
MD5

79baef261f0444657e0f52e19bdb50e3
SHA1

49ba5cf5f9ee50f44cff5026dd3c0ee60fe17923
SHA256

b169342b97a3aa28478eaddec3f745e04739b8401f24f444a6846bbe5e5d01ec
SHA512

6ea8fce52183b7ef0b01819618501ed59b728a457f23dbd447a47a650d0fe9a049ba1371fc4eba403158b5ab43df71a47649839f5d5e61c014b99ae6d4eb5095
SSDEEP

49152:j1c1Fvf/edwgp0wMLP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:uHWdLpggg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2856	79baef261f0444657e0f52e19bdb50e3.exe

Executes dropped EXE 1 IoCs

pid	Process
2856	79baef261f0444657e0f52e19bdb50e3.exe

Loads dropped DLL 1 IoCs

pid	Process
2476	79baef261f0444657e0f52e19bdb50e3.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2476-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012252-10.dat	upx
behavioral1/files/0x0009000000012252-15.dat	upx
behavioral1/memory/2476-13-0x00000000037F0000-0x0000000003CDF000-memory.dmp	upx
behavioral1/memory/2856-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2476	79baef261f0444657e0f52e19bdb50e3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2476	79baef261f0444657e0f52e19bdb50e3.exe
2856	79baef261f0444657e0f52e19bdb50e3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2476 wrote to memory of 2856	2476	79baef261f0444657e0f52e19bdb50e3.exe	28
PID 2476 wrote to memory of 2856	2476	79baef261f0444657e0f52e19bdb50e3.exe	28
PID 2476 wrote to memory of 2856	2476	79baef261f0444657e0f52e19bdb50e3.exe	28
PID 2476 wrote to memory of 2856	2476	79baef261f0444657e0f52e19bdb50e3.exe	28

C:\Users\Admin\AppData\Local\Temp\79baef261f0444657e0f52e19bdb50e3.exe
"C:\Users\Admin\AppData\Local\Temp\79baef261f0444657e0f52e19bdb50e3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2476
- C:\Users\Admin\AppData\Local\Temp\79baef261f0444657e0f52e19bdb50e3.exe
  C:\Users\Admin\AppData\Local\Temp\79baef261f0444657e0f52e19bdb50e3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\79baef261f0444657e0f52e19bdb50e3.exe

Filesize
175KB

MD5
c7031bc4b07f6616b468e997e518966c

SHA1
7d24b226433d9ffc2c834825f5ad9e38d95ed728

SHA256
8c56f9b0a3988303b4a6d3956fa00c005d089f36b4a88ccd2ad07e88b1e2d4f0

SHA512
cf67f12dc5e1f419b056c6d4b63a5214b7498e9544c0111f2176b54b3a2d09408f92174db28392efe5ced3470c76e540d57dff86693ee55c56f94fe9ab9b6e7a

Download Submit
\Users\Admin\AppData\Local\Temp\79baef261f0444657e0f52e19bdb50e3.exe

Filesize
247KB

MD5
aab11553d6132a29627092f954468778

SHA1
a126948ca6b2ce5bf4d5f37c6ab9b5036d356e1c

SHA256
6d609b908388e2b9ced92883c894b16aab159e734b13c253b3bee0a7d95090ec

SHA512
fd980b1f037dab2cdbefd30e1bc6fbcaf874bfd34fb7874971de5e9dd10099101efa7af1b760b29f49b050e5b17a2953d1daef851463186853f8f80d0cc2d349

Download Submit
memory/2476-13-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2476-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2476-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2476-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2476-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2476-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2856-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2856-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2856-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2856-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2856-25-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2856-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download