7ae3e1b421304c074923bfc630b301801b1fa383078aec301bd0cb9053d7591d

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b57e70dc768c988814f973a6912c1f25.exe
Size

1.3MB
MD5

b57e70dc768c988814f973a6912c1f25
SHA1

75ceb9bf90b44adfb63aebe8e1c31e4292173304
SHA256

7ae3e1b421304c074923bfc630b301801b1fa383078aec301bd0cb9053d7591d
SHA512

7fb2a64f92b09a350a00abf6df5a95d85030a589407c5da45bf6b0ab0ec4f64ec957bd133df0ae589c66da7f473374472670bd66b2ee45258e12e75eee8c04c2
SSDEEP

24576:I6Zn+UCu0PHKOZl64VjkDbFClwvmUGbSE28z0dpWaR2gU9/9Us:I80PHKO68jkvYlmm9tlz0d0VPR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2360	b57e70dc768c988814f973a6912c1f25.exe

Executes dropped EXE 1 IoCs

pid	Process
2360	b57e70dc768c988814f973a6912c1f25.exe

Loads dropped DLL 1 IoCs

pid	Process
1704	b57e70dc768c988814f973a6912c1f25.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1704-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012257-10.dat	upx
behavioral1/files/0x000b000000012257-15.dat	upx
behavioral1/memory/2360-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012257-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1704	b57e70dc768c988814f973a6912c1f25.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1704	b57e70dc768c988814f973a6912c1f25.exe
2360	b57e70dc768c988814f973a6912c1f25.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2360	1704	b57e70dc768c988814f973a6912c1f25.exe	28
PID 1704 wrote to memory of 2360	1704	b57e70dc768c988814f973a6912c1f25.exe	28
PID 1704 wrote to memory of 2360	1704	b57e70dc768c988814f973a6912c1f25.exe	28
PID 1704 wrote to memory of 2360	1704	b57e70dc768c988814f973a6912c1f25.exe	28

C:\Users\Admin\AppData\Local\Temp\b57e70dc768c988814f973a6912c1f25.exe
"C:\Users\Admin\AppData\Local\Temp\b57e70dc768c988814f973a6912c1f25.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\b57e70dc768c988814f973a6912c1f25.exe
  C:\Users\Admin\AppData\Local\Temp\b57e70dc768c988814f973a6912c1f25.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b57e70dc768c988814f973a6912c1f25.exe

Filesize
1.3MB

MD5
de1be38344c66d1c6bf5490f89209561

SHA1
89a4c2ad28ddacecdf4e27d2edc2ee4d9dd0772e

SHA256
b9e6444d23e1d0101f191d3608892bbcb914eb92bcd331bead551127bda5a5d0

SHA512
45e57d047486c047096174d0a0909b1333e5c90349f716133efb02e47659d46aa08d5c12e276496f96199062cd8da4e952aa44050980ab4c4c5a719fc105f25e

Download Submit
C:\Users\Admin\AppData\Local\Temp\b57e70dc768c988814f973a6912c1f25.exe

Filesize
1024KB

MD5
671e7bb9b8f865467c2b9f4a2a685c0d

SHA1
13a11c591a86b72b5be553f77964bddfc91adea4

SHA256
fd27a510d9c6a1e87b27f517c1f681635bb495c0816905159caa84765b91f301

SHA512
dec378f17fbe4fca57fce6b010e2a61f3047d3e8131f6e071c545cb1efda3c55d5f5c3bf581a342932ba106c433bd64b927675d3bf4d5e7705588897998a48d6

Download Submit
\Users\Admin\AppData\Local\Temp\b57e70dc768c988814f973a6912c1f25.exe

Filesize
1.3MB

MD5
a62861d23d726c714e1fa447eaccf788

SHA1
ad266d753e92d8206c2cb382a2084401f0b14a2a

SHA256
ff507f50a890a1b0b1c906c67f9036c30e3f30166078c68729658070c0944acc

SHA512
775979497b704db9501b2eb2338c2ba8fe5489379ebad56b11592f52f69150e4879f979ed89af725930203786a74eb387a056b4b6527c6497022c772d0ad4b97

Download Submit
memory/1704-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1704-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1704-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1704-13-0x00000000035E0000-0x0000000003AC7000-memory.dmp

Filesize
4.9MB

Download
memory/1704-2-0x00000000002A0000-0x00000000003D1000-memory.dmp

Filesize
1.2MB

Download
memory/2360-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2360-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2360-19-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2360-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2360-25-0x0000000003400000-0x0000000003622000-memory.dmp

Filesize
2.1MB

Download
memory/2360-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download