e6ce21e8c7ba5a81fc47220c8f89d79dbfc1f380f462e32aab5b506f42e53898

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 19:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b57013ac5f44b96b559b589c49661ec9.exe
Size

2.7MB
MD5

b57013ac5f44b96b559b589c49661ec9
SHA1

328835ac3a0878eed46191c45bd805c72d324a72
SHA256

e6ce21e8c7ba5a81fc47220c8f89d79dbfc1f380f462e32aab5b506f42e53898
SHA512

2790e7c6a98869bcf9642752c43fad964ed2dc5acc781289f433c32c8e6ded49e76adf114b6a267aaefcefd1e115edf1bdb706a2927be9e1d50cf9d5412118e5
SSDEEP

49152:LlGGDzzMsM+138co+D3+GEV4gXO+Q3/fmgnUq+9ByXdF23YZf:sGr0y0+DOGEV4qOP3xnU/LsFjf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2512	b57013ac5f44b96b559b589c49661ec9.exe

Executes dropped EXE 1 IoCs

pid	Process
2512	b57013ac5f44b96b559b589c49661ec9.exe

Loads dropped DLL 1 IoCs

pid	Process
2912	b57013ac5f44b96b559b589c49661ec9.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2912-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012251-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2912	b57013ac5f44b96b559b589c49661ec9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2912	b57013ac5f44b96b559b589c49661ec9.exe
2512	b57013ac5f44b96b559b589c49661ec9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2512	2912	b57013ac5f44b96b559b589c49661ec9.exe	28
PID 2912 wrote to memory of 2512	2912	b57013ac5f44b96b559b589c49661ec9.exe	28
PID 2912 wrote to memory of 2512	2912	b57013ac5f44b96b559b589c49661ec9.exe	28
PID 2912 wrote to memory of 2512	2912	b57013ac5f44b96b559b589c49661ec9.exe	28

C:\Users\Admin\AppData\Local\Temp\b57013ac5f44b96b559b589c49661ec9.exe
"C:\Users\Admin\AppData\Local\Temp\b57013ac5f44b96b559b589c49661ec9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Temp\b57013ac5f44b96b559b589c49661ec9.exe
  C:\Users\Admin\AppData\Local\Temp\b57013ac5f44b96b559b589c49661ec9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\b57013ac5f44b96b559b589c49661ec9.exe

Filesize
2.7MB

MD5
4b7bafc37d450e9a3f1c761024ede9a2

SHA1
91131cddec2362d994ee1a9c9ccf84582963218e

SHA256
47b4d7c543ca7a2979cf0f425b4439432904256ab8404e00a829cd6973d89fd6

SHA512
7be7c080d4094936c0ec996944599dbfdacd8b40facefeda2ad3820aba0526c1a0a4f29cf587fc111026b345d03c43adfb7b697d34d2702e049e511b1b934378

Download Submit
memory/2512-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2512-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2512-20-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2512-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2512-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2512-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2912-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2912-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2912-15-0x0000000003770000-0x0000000003C5F000-memory.dmp

Filesize
4.9MB

Download
memory/2912-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2912-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2912-31-0x0000000003770000-0x0000000003C5F000-memory.dmp

Filesize
4.9MB

Download