4e00392fe1182a6dcc3a68d45e0f87909e91c1a78973e715e44c57267596ab52

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 13:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b7925a4910d65a5e6c933439f03b955c.exe
Size

5.3MB
MD5

b7925a4910d65a5e6c933439f03b955c
SHA1

2ecbe287bdb8b4c25268293842b70f8daf1ea864
SHA256

4e00392fe1182a6dcc3a68d45e0f87909e91c1a78973e715e44c57267596ab52
SHA512

98522a875fd0b9286414b8b85339be3a1272300f6b6d56c05e18abb07bf86f2d46253f51dfcd5a27ee56e1d0a793142b8e7ea0b716503c3b8e081958a4f68ecc
SSDEEP

98304:AQfN5mid2vXzbVN17PXNzWCh0A5xnOMHJ5w9ab4Rfm8NhwcMN17PXNzWCh0A5xna:AQV5mLvXzb17PXNzWChT55zfDEm8NhwE

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2748	b7925a4910d65a5e6c933439f03b955c.exe

Executes dropped EXE 1 IoCs

pid	Process
2748	b7925a4910d65a5e6c933439f03b955c.exe

Loads dropped DLL 1 IoCs

pid	Process
2020	b7925a4910d65a5e6c933439f03b955c.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2020-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001222a-10.dat	upx
behavioral1/memory/2020-15-0x0000000003B90000-0x000000000407F000-memory.dmp	upx
behavioral1/memory/2748-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001222a-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2020	b7925a4910d65a5e6c933439f03b955c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2020	b7925a4910d65a5e6c933439f03b955c.exe
2748	b7925a4910d65a5e6c933439f03b955c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2748	2020	b7925a4910d65a5e6c933439f03b955c.exe	28
PID 2020 wrote to memory of 2748	2020	b7925a4910d65a5e6c933439f03b955c.exe	28
PID 2020 wrote to memory of 2748	2020	b7925a4910d65a5e6c933439f03b955c.exe	28
PID 2020 wrote to memory of 2748	2020	b7925a4910d65a5e6c933439f03b955c.exe	28

C:\Users\Admin\AppData\Local\Temp\b7925a4910d65a5e6c933439f03b955c.exe
"C:\Users\Admin\AppData\Local\Temp\b7925a4910d65a5e6c933439f03b955c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Users\Admin\AppData\Local\Temp\b7925a4910d65a5e6c933439f03b955c.exe
  C:\Users\Admin\AppData\Local\Temp\b7925a4910d65a5e6c933439f03b955c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b7925a4910d65a5e6c933439f03b955c.exe

Filesize
1.3MB

MD5
d0167b5910782b20e3a1d6066e9d6623

SHA1
de56f6483f9a46c538540f62f3d979a60b8ab889

SHA256
5c37a11702475fbc14e1773eaad3c530a6ba6e2c52f15deaacc5b3e540048bf3

SHA512
b8b99b4d33804bac3f326f81c5c0216583e5a5b327f07c9a06d5c48a907c7d439f8199985d85982e19ff38e09fa44f94e6eee9dccc9745306e432db9d5aa2db1

Download Submit
\Users\Admin\AppData\Local\Temp\b7925a4910d65a5e6c933439f03b955c.exe

Filesize
1.9MB

MD5
e3c321cc8d8dbdb9b6b15749ff2d2b7c

SHA1
090751ef558ff64186f064d776bae87cb84a0afe

SHA256
298f29fa64448d52ca3b04cfd2bda9fdcb4cb4fe25cb6abcbc64f2f0196489c8

SHA512
5d3424fce0dc1d0786fdcc23c97d48288ba590eff8dbb4844185cb4c5c818f50c06ebaa84c1b9fd1dc5629aeeda262ae7ea59532d25a7e8b6a4a227a4ee7cdde

Download Submit
memory/2020-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2020-2-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2020-15-0x0000000003B90000-0x000000000407F000-memory.dmp

Filesize
4.9MB

Download
memory/2020-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2020-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2020-31-0x0000000003B90000-0x000000000407F000-memory.dmp

Filesize
4.9MB

Download
memory/2748-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2748-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2748-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2748-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2748-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2748-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download