15ff6d16e435608fe942b1a7925b727562beffd702a8300754ba3fe4e6d4f1d1

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7a5faee6f724128d9648825bc816055.exe
Size

5.8MB
MD5

b7a5faee6f724128d9648825bc816055
SHA1

e71c9a8485a8ca7bbc9b971ce8400a0a57b837eb
SHA256

15ff6d16e435608fe942b1a7925b727562beffd702a8300754ba3fe4e6d4f1d1
SHA512

4efab002f45dd1b83d6df7ec02aa6a0461cf68cad331922d712b44b83e24c8fbdfa0c2384c08a06a93819f9b6ce9b13044cc7a13a937b5cf1a651e41887b5c9b
SSDEEP

98304:8jg3oRUq7QhSNHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:8sOvpauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1296	b7a5faee6f724128d9648825bc816055.exe

Executes dropped EXE 1 IoCs

pid	Process
1296	b7a5faee6f724128d9648825bc816055.exe

Loads dropped DLL 1 IoCs

pid	Process
2168	b7a5faee6f724128d9648825bc816055.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2168-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012256-12.dat	upx
behavioral1/files/0x000b000000012256-10.dat	upx
behavioral1/files/0x000b000000012256-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2168	b7a5faee6f724128d9648825bc816055.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2168	b7a5faee6f724128d9648825bc816055.exe
1296	b7a5faee6f724128d9648825bc816055.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 1296	2168	b7a5faee6f724128d9648825bc816055.exe	28
PID 2168 wrote to memory of 1296	2168	b7a5faee6f724128d9648825bc816055.exe	28
PID 2168 wrote to memory of 1296	2168	b7a5faee6f724128d9648825bc816055.exe	28
PID 2168 wrote to memory of 1296	2168	b7a5faee6f724128d9648825bc816055.exe	28

C:\Users\Admin\AppData\Local\Temp\b7a5faee6f724128d9648825bc816055.exe
"C:\Users\Admin\AppData\Local\Temp\b7a5faee6f724128d9648825bc816055.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\b7a5faee6f724128d9648825bc816055.exe
  C:\Users\Admin\AppData\Local\Temp\b7a5faee6f724128d9648825bc816055.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b7a5faee6f724128d9648825bc816055.exe

Filesize
704KB

MD5
61ad28a9b3a0b5079570a454560d8c8a

SHA1
7ff1b5baa10e57eb332683142725eeb90bd9836c

SHA256
015ac3dabdfd230c96d94c928f3ffa117f435f42a6520f2123b1ce3d9f7b9727

SHA512
4b0fedb871e5989c5de88258ca5c382d367aad6bf430d71748cda06d8f4b72d5db5b9b5c7954f81704ce53ce18d32ec8added31b002e62baac2ebf081f53440b

Download Submit
C:\Users\Admin\AppData\Local\Temp\b7a5faee6f724128d9648825bc816055.exe

Filesize
5.8MB

MD5
04cb7420d0e9d0ef506b11d05ece2447

SHA1
54dfe5c0f83dff867d2d2960c02360b48dec2490

SHA256
0a31dda98a83d588ee22a6c6dbf8de6189071086698fb60266cb5dcd80c47343

SHA512
312ba65c0cb76976fc4e476ffeed88454ffade8a0da05cc1eb9995e344eb8307806f4a05c47937467b69ac650d0ef01b0cf358342b0bd54aa4c575647b3304f8

Download Submit
\Users\Admin\AppData\Local\Temp\b7a5faee6f724128d9648825bc816055.exe

Filesize
768KB

MD5
413974ae6173b3cb716d058651736060

SHA1
059004c8d1301a4277ab49af16dfc695306b131d

SHA256
cdf3a4ce09bdcd29cecd76eb6c0426e9f6853a0c9cd13dbd7f418c3291a4e38a

SHA512
e9f266863eb60ee45cc87f6ad4ae1c16893a9803accc616e2214044717996a269fcaf40fd882b68cb7334f4ac62bc4f23c497a56a0cb291873073f687750264e

Download Submit
memory/1296-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1296-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1296-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1296-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1296-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1296-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2168-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2168-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2168-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2168-3-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2168-14-0x0000000003DC0000-0x00000000042AF000-memory.dmp

Filesize
4.9MB

Download
memory/2168-31-0x0000000003DC0000-0x00000000042AF000-memory.dmp

Filesize
4.9MB

Download