94ffc3b6ce6fe7d046092cd35a9259d94874e8cbd74c5fef5109a2c8999cc4fb

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b3ef43d18a8c0d2959c8ce723e3a263.exe
Size

2.5MB
MD5

9b3ef43d18a8c0d2959c8ce723e3a263
SHA1

950dc315adae5660ffe5a2a2b7e2e8f4cffa9d18
SHA256

94ffc3b6ce6fe7d046092cd35a9259d94874e8cbd74c5fef5109a2c8999cc4fb
SHA512

e988e1d2a19298a080162593c350aa27cbaef92e4d49a8b75ede1700d3b03438fa237759b67cabaf7160eed9d59fb0c8386a9619388cf3a741ecc32e709b66a2
SSDEEP

49152:kLmM/TWIB3OALfZnCNAtN74NH5HUyNRcUsCVOzet0:QpWIB3OAjZnCNU4HBUCczz9

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2292	9b3ef43d18a8c0d2959c8ce723e3a263.exe

Executes dropped EXE 1 IoCs

pid	Process
2292	9b3ef43d18a8c0d2959c8ce723e3a263.exe

Loads dropped DLL 1 IoCs

pid	Process
2264	9b3ef43d18a8c0d2959c8ce723e3a263.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2264-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000014439-10.dat	upx
behavioral1/files/0x000a000000014439-13.dat	upx
behavioral1/files/0x000a000000014439-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2264	9b3ef43d18a8c0d2959c8ce723e3a263.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2264	9b3ef43d18a8c0d2959c8ce723e3a263.exe
2292	9b3ef43d18a8c0d2959c8ce723e3a263.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2292	2264	9b3ef43d18a8c0d2959c8ce723e3a263.exe	28
PID 2264 wrote to memory of 2292	2264	9b3ef43d18a8c0d2959c8ce723e3a263.exe	28
PID 2264 wrote to memory of 2292	2264	9b3ef43d18a8c0d2959c8ce723e3a263.exe	28
PID 2264 wrote to memory of 2292	2264	9b3ef43d18a8c0d2959c8ce723e3a263.exe	28

C:\Users\Admin\AppData\Local\Temp\9b3ef43d18a8c0d2959c8ce723e3a263.exe
"C:\Users\Admin\AppData\Local\Temp\9b3ef43d18a8c0d2959c8ce723e3a263.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Users\Admin\AppData\Local\Temp\9b3ef43d18a8c0d2959c8ce723e3a263.exe
  C:\Users\Admin\AppData\Local\Temp\9b3ef43d18a8c0d2959c8ce723e3a263.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9b3ef43d18a8c0d2959c8ce723e3a263.exe

Filesize
1.4MB

MD5
994be08fc2ab4971d6161ee3ac88ea1f

SHA1
b80bafacb62f196ba0755c40362206d08a5c6a28

SHA256
8d8e63376649925c5999c5e8447269b580d8a71082881b5d45f1e8e1262e650a

SHA512
12d14af69d17d690b5777a7af086c1500a315b4aa0845ed88b6405fc4df5eee4061ec26b27ed93b6bd0b57a4897dfbf7ff631237fb83f2fd2ad20b0da55a8571

Download Submit
C:\Users\Admin\AppData\Local\Temp\9b3ef43d18a8c0d2959c8ce723e3a263.exe

Filesize
1.1MB

MD5
93ae3a1a9134abc05bbc5fc9c1566846

SHA1
00dad8bedd16176b6ed1f4f0500732e729a644d6

SHA256
9747a0b1a6431aded2dca9dbe3aaf3fa0cdf2bb3ac11f461e13e08a906490d5b

SHA512
2e5094ef09a867323cada9b19d4cde5f87693fbdeca8bc77907d128f0bc2b3020d694f8d36d43ee11bf92385958adb57cf6d2fead5302de53dffd35cb8a9e234

Download Submit
\Users\Admin\AppData\Local\Temp\9b3ef43d18a8c0d2959c8ce723e3a263.exe

Filesize
1.3MB

MD5
8440fff0d2d37d5032feb68a5c04c58b

SHA1
5a7fe2d80e8abbec1f72dd407493e66a99d656d8

SHA256
b6b73bfc246f3a94aa8d3dbccb2e07e510af4dcda5ea4b3a10c3bec3ad34e891

SHA512
1f10bf7ac5ceca87a632af5d11d02def484be4c8ba0ea0032c4b28d2ea57249f3d7e7224ce83bfd8e6e7583f98ccefe77363de52611e980caa2211a5c74a4183

Download Submit
memory/2264-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2264-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2264-4-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2264-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2292-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2292-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2292-17-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2292-24-0x00000000032D0000-0x00000000034FA000-memory.dmp

Filesize
2.2MB

Download
memory/2292-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2292-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download