fe6475d85c6bb7b8da27ff83d93753eae3c4759b68aea7ae6570ec8b59fd1d6f

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
07-03-2024 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b852e23d5e5f8c80ea2187336c9b95a3.exe
Size

1.3MB
MD5

b852e23d5e5f8c80ea2187336c9b95a3
SHA1

f17c1cd428c6605877ecbbccf3ec50ba0a03955d
SHA256

fe6475d85c6bb7b8da27ff83d93753eae3c4759b68aea7ae6570ec8b59fd1d6f
SHA512

5f7806034e8a4da1992c6b114e519cc917e8a7596c18472f2f749034420921926e77647b36ff804f3f2dc81bfb0f6df26c7ea9e1d7a645151e4ccd83063c275b
SSDEEP

24576:ytUZ8Ql38qCKbZzRliIqaLeyWbhJmYiHiTQHHIaUwYDUDN5pVVHWO:ytUZvh9zM2ohwYI1HoI+U/XZf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2900	b852e23d5e5f8c80ea2187336c9b95a3.exe

Executes dropped EXE 1 IoCs

pid	Process
2900	b852e23d5e5f8c80ea2187336c9b95a3.exe

Loads dropped DLL 1 IoCs

pid	Process
2064	b852e23d5e5f8c80ea2187336c9b95a3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012251-10.dat	upx
behavioral1/memory/2900-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2064	b852e23d5e5f8c80ea2187336c9b95a3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2064	b852e23d5e5f8c80ea2187336c9b95a3.exe
2900	b852e23d5e5f8c80ea2187336c9b95a3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2900	2064	b852e23d5e5f8c80ea2187336c9b95a3.exe	28
PID 2064 wrote to memory of 2900	2064	b852e23d5e5f8c80ea2187336c9b95a3.exe	28
PID 2064 wrote to memory of 2900	2064	b852e23d5e5f8c80ea2187336c9b95a3.exe	28
PID 2064 wrote to memory of 2900	2064	b852e23d5e5f8c80ea2187336c9b95a3.exe	28

C:\Users\Admin\AppData\Local\Temp\b852e23d5e5f8c80ea2187336c9b95a3.exe
"C:\Users\Admin\AppData\Local\Temp\b852e23d5e5f8c80ea2187336c9b95a3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Users\Admin\AppData\Local\Temp\b852e23d5e5f8c80ea2187336c9b95a3.exe
  C:\Users\Admin\AppData\Local\Temp\b852e23d5e5f8c80ea2187336c9b95a3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\b852e23d5e5f8c80ea2187336c9b95a3.exe

Filesize
1.3MB

MD5
3ab28228125a3d009df1c1cf83e474b8

SHA1
2b888b4e6b99e951581af02356731bf855f4e28e

SHA256
44977b1ad97a0fa1097231710b7c5a1b09dc5fedd332be6d2eb94ad19ea0d4ed

SHA512
11c0d54787b8ffaefa01a0e32c4335cee629208dcd77a3b23bfa7b668d21ee8430df7c77ce798268f5a915c6840af5f80572f2d5007886a7674d8a6b473fcdcf

Download Submit
memory/2064-31-0x0000000003740000-0x0000000003C2F000-memory.dmp

Filesize
4.9MB

Download
memory/2064-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2064-3-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2064-15-0x0000000003740000-0x0000000003C2F000-memory.dmp

Filesize
4.9MB

Download
memory/2064-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2064-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2900-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2900-19-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2900-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2900-24-0x00000000032D0000-0x00000000034FA000-memory.dmp

Filesize
2.2MB

Download
memory/2900-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2900-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download