08e9976c21d9083359831fa13a6d3e172ffeb40fb87589e78af0e85c5aa5510d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5c097512ce3687f31acf42cf746f7ad.exe
Size

1.3MB
MD5

b5c097512ce3687f31acf42cf746f7ad
SHA1

1c0201bae58c1abd2839cc5dea0c69683a24a125
SHA256

08e9976c21d9083359831fa13a6d3e172ffeb40fb87589e78af0e85c5aa5510d
SHA512

5149e981ea10e54d518813684002d20b9c9c5d51f4cbc8ec1b313649b7ff9c0cb3fe82c095149d5dd01d2126c0a1707d6084ab351718416e45880c3461f09888
SSDEEP

24576:Fs7TEb8HxZEtWhA7ppHH6b/uuyiGuENs+LxJFscKG57WU9/9Us:FEYbkEh7pCMi9usMxAcLJR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2572	b5c097512ce3687f31acf42cf746f7ad.exe

Executes dropped EXE 1 IoCs

pid	Process
2572	b5c097512ce3687f31acf42cf746f7ad.exe

Loads dropped DLL 1 IoCs

pid	Process
2192	b5c097512ce3687f31acf42cf746f7ad.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2192-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c00000001225d-10.dat	upx
behavioral1/memory/2192-14-0x00000000034E0000-0x00000000039C7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2192	b5c097512ce3687f31acf42cf746f7ad.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2192	b5c097512ce3687f31acf42cf746f7ad.exe
2572	b5c097512ce3687f31acf42cf746f7ad.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2572	2192	b5c097512ce3687f31acf42cf746f7ad.exe	29
PID 2192 wrote to memory of 2572	2192	b5c097512ce3687f31acf42cf746f7ad.exe	29
PID 2192 wrote to memory of 2572	2192	b5c097512ce3687f31acf42cf746f7ad.exe	29
PID 2192 wrote to memory of 2572	2192	b5c097512ce3687f31acf42cf746f7ad.exe	29

C:\Users\Admin\AppData\Local\Temp\b5c097512ce3687f31acf42cf746f7ad.exe
"C:\Users\Admin\AppData\Local\Temp\b5c097512ce3687f31acf42cf746f7ad.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\b5c097512ce3687f31acf42cf746f7ad.exe
  C:\Users\Admin\AppData\Local\Temp\b5c097512ce3687f31acf42cf746f7ad.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2572

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\b5c097512ce3687f31acf42cf746f7ad.exe

Filesize
1.3MB

MD5
3fed656675d9a8e7b73415bee487449f

SHA1
33126be82cf419add2f9ce62f5373c06cf2d32b7

SHA256
263e5b156b37483952f165e70cac4d1f8e756557f9b938cf205a7aa3e6f3c5f1

SHA512
89da36679f288a76797322807ab288a6553ee8c0f4f56bc841dac0a42bb3b12cbdb0e085d573fe06e9f86da54803d85bd9df49b4b3732395bde08835eba7076e

Download Submit
memory/2192-14-0x00000000034E0000-0x00000000039C7000-memory.dmp

Filesize
4.9MB

Download
memory/2192-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2192-2-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2192-31-0x00000000034E0000-0x00000000039C7000-memory.dmp

Filesize
4.9MB

Download
memory/2192-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2192-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2572-20-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2572-18-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2572-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2572-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2572-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2572-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download