58e3c6a559b8f75b68bb037472892bf1e18f8d57e2c75da5dae975734c334e63

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b9ddd82b44fe2de0a4346f501f900a0.exe
Size

2.9MB
MD5

9b9ddd82b44fe2de0a4346f501f900a0
SHA1

545f0eea4150ec88b4e87d6861ed7913385797ed
SHA256

58e3c6a559b8f75b68bb037472892bf1e18f8d57e2c75da5dae975734c334e63
SHA512

7e5784f3a65b0a698558fb6b22756c6991f475e6b447e28f3d6a0a71f0543b97af09e09b88e5ae2f4cdeb3130611f2b409e6596c489191ef92a0391371138e39
SSDEEP

49152:nmh2LMvCzI4FieFUSfJxtfP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:nmoLMviI4iCUkRgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1672	9b9ddd82b44fe2de0a4346f501f900a0.exe

Executes dropped EXE 1 IoCs

pid	Process
1672	9b9ddd82b44fe2de0a4346f501f900a0.exe

Loads dropped DLL 1 IoCs

pid	Process
2052	9b9ddd82b44fe2de0a4346f501f900a0.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2052-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001224a-10.dat	upx
behavioral1/files/0x000a00000001224a-13.dat	upx
behavioral1/memory/1672-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2052	9b9ddd82b44fe2de0a4346f501f900a0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2052	9b9ddd82b44fe2de0a4346f501f900a0.exe
1672	9b9ddd82b44fe2de0a4346f501f900a0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 1672	2052	9b9ddd82b44fe2de0a4346f501f900a0.exe	28
PID 2052 wrote to memory of 1672	2052	9b9ddd82b44fe2de0a4346f501f900a0.exe	28
PID 2052 wrote to memory of 1672	2052	9b9ddd82b44fe2de0a4346f501f900a0.exe	28
PID 2052 wrote to memory of 1672	2052	9b9ddd82b44fe2de0a4346f501f900a0.exe	28

C:\Users\Admin\AppData\Local\Temp\9b9ddd82b44fe2de0a4346f501f900a0.exe
"C:\Users\Admin\AppData\Local\Temp\9b9ddd82b44fe2de0a4346f501f900a0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\9b9ddd82b44fe2de0a4346f501f900a0.exe
  C:\Users\Admin\AppData\Local\Temp\9b9ddd82b44fe2de0a4346f501f900a0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\9b9ddd82b44fe2de0a4346f501f900a0.exe

Filesize
449KB

MD5
f44e4d635739bb93fd53d32f1807abac

SHA1
8208eecc8c0f456b4253dd3d4268977d1fd7527e

SHA256
0b9cb2446f9a452763da1d58de3fb797f127bace48680f592392b0a534809f76

SHA512
38fde2c54c17be77d2ca882e171159d71178aad26738084c10dc23c028851bd5d1dd28110b036ca0206446f9a7bfc2774db57cd5de91119e4ed3344e5e041634

Download Submit
\Users\Admin\AppData\Local\Temp\9b9ddd82b44fe2de0a4346f501f900a0.exe

Filesize
434KB

MD5
dc07e1a9a9b956196f40fc82c80a9c22

SHA1
bde2e7154b0f83c33bd7dd52c1ffc46814ae5f67

SHA256
8e93c474cc4ac06901d2319be671986882a78c05bb1e1ec6c96fd19fae2e113f

SHA512
bb66e43b6193799f7acf4e9ff846f7aabe789599e9786097cf99b7691c47a6d5aa77d9588ee333c4dd49976591ca43955f763863522b34bc01628a8396cac623

Download Submit
memory/1672-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1672-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1672-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1672-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1672-26-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1672-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2052-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download