Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-03-2024 12:10

General

  • Target

    b8b391dfda10a19f7dee154c7b4396dd.exe

  • Size

    2.7MB

  • MD5

    b8b391dfda10a19f7dee154c7b4396dd

  • SHA1

    dff59003c2a395493dcc3eecf38f74ae2aad9d93

  • SHA256

    f43876d45e2792b4e94cc6b2ec125859ec51be4a22b8578aed2e92d073ea57c2

  • SHA512

    131a231c47054dce9fe1244ee886c566bac65e945260c9b2c951b8f7547a7a732c1dbdea295cbcac8bcfaa4f1219d5a0cb03d6b3ef69b5757f45e4749ea8b155

  • SSDEEP

    49152:fYIELe0g+0KGvizMy3dVcEk+naa71XkziW1LuXHmZGs/U:DELe9+HGUMy3dqZ+nJ0/9uXGZpU

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b8b391dfda10a19f7dee154c7b4396dd.exe
    "C:\Users\Admin\AppData\Local\Temp\b8b391dfda10a19f7dee154c7b4396dd.exe"
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:5072
    • C:\Users\Admin\AppData\Local\Temp\b8b391dfda10a19f7dee154c7b4396dd.exe
      C:\Users\Admin\AppData\Local\Temp\b8b391dfda10a19f7dee154c7b4396dd.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:2120
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1044 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:4004

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\b8b391dfda10a19f7dee154c7b4396dd.exe

      Filesize

      2.4MB

      MD5

      5bc782348ebb8207eef285f9f9d676e6

      SHA1

      1dd05575cb41ccda3b2876a83db2da0557b7eec6

      SHA256

      cdcbe0dc27da673f59c506eb68680a4b074c6ee7813956ee8f5bb0d5de832245

      SHA512

      05acd51976bb996a381e31904e1ad27e7eba14a61d11227a241a3f955cbba87bb754db9949f5146e878b721117b7ceb56db3827b954f8f516d7be88ba73e3744

    • memory/2120-15-0x0000000000400000-0x000000000086A000-memory.dmp

      Filesize

      4.4MB

    • memory/2120-16-0x0000000000400000-0x00000000005F2000-memory.dmp

      Filesize

      1.9MB

    • memory/2120-17-0x0000000001870000-0x0000000001982000-memory.dmp

      Filesize

      1.1MB

    • memory/2120-24-0x0000000000400000-0x000000000086A000-memory.dmp

      Filesize

      4.4MB

    • memory/5072-0-0x0000000000400000-0x000000000086A000-memory.dmp

      Filesize

      4.4MB

    • memory/5072-1-0x0000000001C00000-0x0000000001D12000-memory.dmp

      Filesize

      1.1MB

    • memory/5072-2-0x0000000000400000-0x00000000005F2000-memory.dmp

      Filesize

      1.9MB

    • memory/5072-14-0x0000000000400000-0x00000000005F2000-memory.dmp

      Filesize

      1.9MB