f08ab388713b11fa6212d7aba591f0f1ea222a0dd4c87927ab569152dcf5f120

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 10:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b733e38ed4c1159b74aa18fc778770c8.exe
Size

1.5MB
MD5

b733e38ed4c1159b74aa18fc778770c8
SHA1

e1d745f2ab9f5a53a9891e48681f827e61d593fc
SHA256

f08ab388713b11fa6212d7aba591f0f1ea222a0dd4c87927ab569152dcf5f120
SHA512

535c36e9a098b91817e4ba7577309b2466a16c721bb70e63f8cd4b8868555644284766cf07a150c4365374a0dbffe3dff7f285c13842c235d73c63f0bb2d711e
SSDEEP

24576:/nVwufM90Jg4g6gFNmdj5cXtV+KNv4VmT5BokOOsTiWq76xrCNAonrYW:GufOxFSct1Hgipe2TY

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3012	b733e38ed4c1159b74aa18fc778770c8.exe

Executes dropped EXE 1 IoCs

pid	Process
3012	b733e38ed4c1159b74aa18fc778770c8.exe

Loads dropped DLL 1 IoCs

pid	Process
2224	b733e38ed4c1159b74aa18fc778770c8.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2224-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012251-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2224	b733e38ed4c1159b74aa18fc778770c8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2224	b733e38ed4c1159b74aa18fc778770c8.exe
3012	b733e38ed4c1159b74aa18fc778770c8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 3012	2224	b733e38ed4c1159b74aa18fc778770c8.exe	28
PID 2224 wrote to memory of 3012	2224	b733e38ed4c1159b74aa18fc778770c8.exe	28
PID 2224 wrote to memory of 3012	2224	b733e38ed4c1159b74aa18fc778770c8.exe	28
PID 2224 wrote to memory of 3012	2224	b733e38ed4c1159b74aa18fc778770c8.exe	28

C:\Users\Admin\AppData\Local\Temp\b733e38ed4c1159b74aa18fc778770c8.exe
"C:\Users\Admin\AppData\Local\Temp\b733e38ed4c1159b74aa18fc778770c8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\b733e38ed4c1159b74aa18fc778770c8.exe
  C:\Users\Admin\AppData\Local\Temp\b733e38ed4c1159b74aa18fc778770c8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\b733e38ed4c1159b74aa18fc778770c8.exe

Filesize
1.5MB

MD5
57b26da7a60efed437019c43d4c896a8

SHA1
987a619fad696914da9bfe3d1e051faf1cb4faae

SHA256
c2e967e8a448337b2f14c3d2597ed4e41398d716f569f82427d1111a0d2974d3

SHA512
7617c4a9495e2d14cc07c10421cd35473092febb08d1feb92c7260add039449d96d85d43eb792f006ba3f89b041cfbf107bb579701bde712bef7c22ea569f57a

Download Submit
memory/2224-31-0x00000000035F0000-0x0000000003ADF000-memory.dmp

Filesize
4.9MB

Download
memory/2224-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-3-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2224-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-15-0x00000000035F0000-0x0000000003ADF000-memory.dmp

Filesize
4.9MB

Download
memory/2224-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3012-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3012-18-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/3012-24-0x00000000036C0000-0x00000000038EA000-memory.dmp

Filesize
2.2MB

Download
memory/3012-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3012-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3012-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download