88b50e1679b61fb5f57ef7bc8fc1968ad193af5a1465b141073d09826d32f48e

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/02/2024, 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a98bce902d88044975b61f439fa0bea7.exe
Size

5.8MB
MD5

a98bce902d88044975b61f439fa0bea7
SHA1

46593f29e29f1020718e1a9ae333e4e34b182baa
SHA256

88b50e1679b61fb5f57ef7bc8fc1968ad193af5a1465b141073d09826d32f48e
SHA512

2379c6f61942251ffdf421ca5a5067619a8803101727922e6e7a827f0ccd13ce9c1f0db95a0890b00191a49b4ac98e9892fcd545aceea8ab43630eb58b2b74fb
SSDEEP

98304:/KN8N5rcFRD6SXgg3gnl/IVUs1jePsULAEVr6slCeZ8isagg3gnl/IVUs1jePs:yVgl/iBiPqEVWhegOgl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1856	a98bce902d88044975b61f439fa0bea7.exe

Executes dropped EXE 1 IoCs

pid	Process
1856	a98bce902d88044975b61f439fa0bea7.exe

Loads dropped DLL 1 IoCs

pid	Process
2344	a98bce902d88044975b61f439fa0bea7.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b0000000122b8-10.dat	upx
behavioral1/files/0x000b0000000122b8-15.dat	upx
behavioral1/memory/1856-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2344	a98bce902d88044975b61f439fa0bea7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2344	a98bce902d88044975b61f439fa0bea7.exe
1856	a98bce902d88044975b61f439fa0bea7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 1856	2344	a98bce902d88044975b61f439fa0bea7.exe	28
PID 2344 wrote to memory of 1856	2344	a98bce902d88044975b61f439fa0bea7.exe	28
PID 2344 wrote to memory of 1856	2344	a98bce902d88044975b61f439fa0bea7.exe	28
PID 2344 wrote to memory of 1856	2344	a98bce902d88044975b61f439fa0bea7.exe	28

C:\Users\Admin\AppData\Local\Temp\a98bce902d88044975b61f439fa0bea7.exe
"C:\Users\Admin\AppData\Local\Temp\a98bce902d88044975b61f439fa0bea7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Users\Admin\AppData\Local\Temp\a98bce902d88044975b61f439fa0bea7.exe
  C:\Users\Admin\AppData\Local\Temp\a98bce902d88044975b61f439fa0bea7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a98bce902d88044975b61f439fa0bea7.exe

Filesize
5.8MB

MD5
853e730136aff4aa64d2be70a3d836e6

SHA1
ffed3380da9c0db0347f91694f6a674683cb358f

SHA256
125fae3f9c487aadaa9abdb3fb249a74b7237bde5e9727bd59e2b1d0a10f5900

SHA512
77fa21b7d5417baca308af00264af1bd5e9caf53615a8da9aa3972e883cf7e9a07c65e435c045cf024728e9e6acfed8096cca72e3a72e1a078786751f1625d93

Download Submit
\Users\Admin\AppData\Local\Temp\a98bce902d88044975b61f439fa0bea7.exe

Filesize
256KB

MD5
36da501eacd554e9e4f43698f59db1cc

SHA1
46289e09f91993e29664ac952e26ddb4bcb92325

SHA256
c84b201d9093d70b926cda3c2c790fa788087a9766b99dc379069ed4c6700a79

SHA512
6ef9a1d0bf7a9059c151f85bd6bd9d9423f93872a5c0978d5ba69f6ee2402c4bcbffc0df9f44a46541c537fda58e0a40bf475160235118580bba26fd90041cec

Download Submit
memory/1856-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1856-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1856-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1856-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1856-26-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/1856-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2344-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2344-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2344-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2344-14-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2344-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download