4d3576f8510e2d6c07df4be893ac62765840d01497589754eb3a82ecfa58322c

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 02:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8b1b4035cc70265c57858fb1734e79eb.exe
Size

1.3MB
MD5

8b1b4035cc70265c57858fb1734e79eb
SHA1

8a9ddaf21bafc37d3eb7cbb67f5c060c27bfa427
SHA256

4d3576f8510e2d6c07df4be893ac62765840d01497589754eb3a82ecfa58322c
SHA512

d18154463e20c7ad8c094b428c36950e8a744dbeeb1de1b38b6a6bff05d71a4b56da26ad04aaf3614eef22bd917f7acb53e18079fba02dce22774be44867168a
SSDEEP

24576:yfou4HPrOoWeQvqW8NEVeTmc0+qIIfdvuwozmZWz+APg/4YdvG:vhWDvAWVeTmc0+qIsvgzmHH4

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3052	8b1b4035cc70265c57858fb1734e79eb.exe

Executes dropped EXE 1 IoCs

pid	Process
3052	8b1b4035cc70265c57858fb1734e79eb.exe

Loads dropped DLL 1 IoCs

pid	Process
2552	8b1b4035cc70265c57858fb1734e79eb.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000015c71-14.dat	upx
behavioral1/files/0x0009000000015c71-11.dat	upx
behavioral1/memory/2552-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2552	8b1b4035cc70265c57858fb1734e79eb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2552	8b1b4035cc70265c57858fb1734e79eb.exe
3052	8b1b4035cc70265c57858fb1734e79eb.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 3052	2552	8b1b4035cc70265c57858fb1734e79eb.exe	17
PID 2552 wrote to memory of 3052	2552	8b1b4035cc70265c57858fb1734e79eb.exe	17
PID 2552 wrote to memory of 3052	2552	8b1b4035cc70265c57858fb1734e79eb.exe	17
PID 2552 wrote to memory of 3052	2552	8b1b4035cc70265c57858fb1734e79eb.exe	17

C:\Users\Admin\AppData\Local\Temp\8b1b4035cc70265c57858fb1734e79eb.exe
"C:\Users\Admin\AppData\Local\Temp\8b1b4035cc70265c57858fb1734e79eb.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Users\Admin\AppData\Local\Temp\8b1b4035cc70265c57858fb1734e79eb.exe
  C:\Users\Admin\AppData\Local\Temp\8b1b4035cc70265c57858fb1734e79eb.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8b1b4035cc70265c57858fb1734e79eb.exe

Filesize
94KB

MD5
ad60f49a885af2b5399431f013697598

SHA1
4c2cde391976835c6b7df7a63d9a283a40cfbb4c

SHA256
dd44a1ab4e112222094108aa8b57668fc225825c5fd83b0c9577996247518025

SHA512
c72306f1ade9d5f9decc11dcaf8f82d35dc6bf7d69e878ff0c68e53d616a0e8b0184bc34282f3f9ca1e5f0a805efa9dcbbe3ec506a59e30245f316d8969e441e

Download Submit
\Users\Admin\AppData\Local\Temp\8b1b4035cc70265c57858fb1734e79eb.exe

Filesize
160KB

MD5
c9d3a845d0b5978789bb76836e5de94e

SHA1
486a5457d3941609bd77047740bfff95a6569eb3

SHA256
507f0cbe33acbbb9882114f7d0fa3b644d36088ad464008f952b12d46478d2ce

SHA512
27b650e5f8270e2aedc64db24f3f082f400f2dadd7f297012b76983da144f062929aa92da9f97aa61636ca9194a6d4dd61c913d041a628759e6b036e4464b43c

Download Submit
memory/2552-2-0x00000000002B0000-0x00000000003C2000-memory.dmp

Filesize
1.1MB

Download
memory/2552-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2552-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2552-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3052-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3052-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3052-16-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/3052-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download