0071d9d96323fa3f340b657b251067051024dbcce475aae3c67005cd23dfb4ef

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 03:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b666d3aaf2ff25eaf72baff9b1233162.exe
Size

2.9MB
MD5

b666d3aaf2ff25eaf72baff9b1233162
SHA1

684492f8c37e4fedd4a244d14d0a8a1c63da20f3
SHA256

0071d9d96323fa3f340b657b251067051024dbcce475aae3c67005cd23dfb4ef
SHA512

de74af2cd4a2cdf2569968497905ef4e89a8c6cc21ad5110c5c2765addec19fa0bd58615ab3bf526932c236e321f11f811446538494f7310ae8fdb99f19c3db3
SSDEEP

49152:G5514GLst9MHGk5/P/TNbmA4P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:O52JmGk5/P/ZmA4gg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2968	b666d3aaf2ff25eaf72baff9b1233162.exe

Executes dropped EXE 1 IoCs

pid	Process
2968	b666d3aaf2ff25eaf72baff9b1233162.exe

Loads dropped DLL 1 IoCs

pid	Process
1880	b666d3aaf2ff25eaf72baff9b1233162.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1880-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00040000000130fc-10.dat	upx
behavioral1/files/0x00040000000130fc-14.dat	upx
behavioral1/memory/2968-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00040000000130fc-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1880	b666d3aaf2ff25eaf72baff9b1233162.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1880	b666d3aaf2ff25eaf72baff9b1233162.exe
2968	b666d3aaf2ff25eaf72baff9b1233162.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 2968	1880	b666d3aaf2ff25eaf72baff9b1233162.exe	28
PID 1880 wrote to memory of 2968	1880	b666d3aaf2ff25eaf72baff9b1233162.exe	28
PID 1880 wrote to memory of 2968	1880	b666d3aaf2ff25eaf72baff9b1233162.exe	28
PID 1880 wrote to memory of 2968	1880	b666d3aaf2ff25eaf72baff9b1233162.exe	28

C:\Users\Admin\AppData\Local\Temp\b666d3aaf2ff25eaf72baff9b1233162.exe
"C:\Users\Admin\AppData\Local\Temp\b666d3aaf2ff25eaf72baff9b1233162.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Users\Admin\AppData\Local\Temp\b666d3aaf2ff25eaf72baff9b1233162.exe
  C:\Users\Admin\AppData\Local\Temp\b666d3aaf2ff25eaf72baff9b1233162.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b666d3aaf2ff25eaf72baff9b1233162.exe

Filesize
896KB

MD5
ea22fb2b86a626dc80da3f5b27e5f60a

SHA1
e2821ca43e5f048134f11cffc9a86a37c377831d

SHA256
a984a941e4f93bf2e99db7f2d6a64240a33f9d107453de5544e32c787446b4a8

SHA512
44bf9c006ef78a595cc2489e585eaf63341194ac73c9d7ea97af02ee929813fbf909ee359f57c7c4b5f8ff23d3e779853fd26820ef8b22739395fffd01b4ae99

Download Submit
C:\Users\Admin\AppData\Local\Temp\b666d3aaf2ff25eaf72baff9b1233162.exe

Filesize
2.6MB

MD5
c9c200eb0766bfef521fc28970dacaf3

SHA1
b3b9d87573c084a7c9bbcd8d167df7f26bc74e1a

SHA256
c372d4e73405d8f8aa020c1cff864c1870a489e47a1ff70cec131543101cb436

SHA512
729306f8bf7f5fb0a8e00f38b9e54530c1fb64e7eaad0a6f35e2eb6dca43c49516320a7c7d8be431a6968e8635b1078d71e7b708509b944ee78221929123e013

Download Submit
\Users\Admin\AppData\Local\Temp\b666d3aaf2ff25eaf72baff9b1233162.exe

Filesize
2.9MB

MD5
d8f0a8316aac776b95e1bb34b22e91cc

SHA1
ac7ffac97ff530abdc58a4a2d9de8dd56d318a63

SHA256
f0312883f34a9ae6a850b7a5046678026c04a89d46f25bfc430a315cac56bf6b

SHA512
ef654cacc2a26887ee50c3b34d20009058ad043d51649302ccb8959a83990aa09a6382ef24f598d37cbedede02962e2d9e2d01e5e4c41af484b0da746490e5f1

Download Submit
memory/1880-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1880-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1880-15-0x0000000003A90000-0x0000000003F7F000-memory.dmp

Filesize
4.9MB

Download
memory/1880-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1880-1-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/1880-31-0x0000000003A90000-0x0000000003F7F000-memory.dmp

Filesize
4.9MB

Download
memory/2968-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2968-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2968-19-0x00000000002C0000-0x00000000003F3000-memory.dmp

Filesize
1.2MB

Download
memory/2968-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2968-24-0x0000000003550000-0x000000000377A000-memory.dmp

Filesize
2.2MB

Download
memory/2968-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download