849bd0b74829f8cace9446568bdbacc033ce7a5234f5472d4ede8ba66c2edae7

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-03-2024 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9a6f67f1f6e07a11ab51c510b0c3277.exe
Size

11.7MB
MD5

b9a6f67f1f6e07a11ab51c510b0c3277
SHA1

8d0fa6352eeed0863246c2e7a82ca2e6fc75ab53
SHA256

849bd0b74829f8cace9446568bdbacc033ce7a5234f5472d4ede8ba66c2edae7
SHA512

1d7b7c4f20676df9bfd557f0c1fd420c372b4e6bd98e09d5294d47f038e4e0fc1ee8a7b9ffe1dcfcffd59874c4b5d6c537237c7d6b1a1f4063457750be870c41
SSDEEP

196608:xeYIQG7upcVU1J/Nkupc8NyQ3upcVU1J/Nkupc:xFc7XVA/aXnQ3XVA/aX

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2596	b9a6f67f1f6e07a11ab51c510b0c3277.exe

Executes dropped EXE 1 IoCs

pid	Process
2596	b9a6f67f1f6e07a11ab51c510b0c3277.exe

Loads dropped DLL 1 IoCs

pid	Process
2200	b9a6f67f1f6e07a11ab51c510b0c3277.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2200-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a0000000142b5-10.dat	upx
behavioral1/memory/2596-15-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a0000000142b5-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2200	b9a6f67f1f6e07a11ab51c510b0c3277.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2200	b9a6f67f1f6e07a11ab51c510b0c3277.exe
2596	b9a6f67f1f6e07a11ab51c510b0c3277.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2596	2200	b9a6f67f1f6e07a11ab51c510b0c3277.exe	28
PID 2200 wrote to memory of 2596	2200	b9a6f67f1f6e07a11ab51c510b0c3277.exe	28
PID 2200 wrote to memory of 2596	2200	b9a6f67f1f6e07a11ab51c510b0c3277.exe	28
PID 2200 wrote to memory of 2596	2200	b9a6f67f1f6e07a11ab51c510b0c3277.exe	28

C:\Users\Admin\AppData\Local\Temp\b9a6f67f1f6e07a11ab51c510b0c3277.exe
"C:\Users\Admin\AppData\Local\Temp\b9a6f67f1f6e07a11ab51c510b0c3277.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Users\Admin\AppData\Local\Temp\b9a6f67f1f6e07a11ab51c510b0c3277.exe
  C:\Users\Admin\AppData\Local\Temp\b9a6f67f1f6e07a11ab51c510b0c3277.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b9a6f67f1f6e07a11ab51c510b0c3277.exe

Filesize
2.0MB

MD5
f9749d7ba5064efe94a2dc358b86399f

SHA1
9cf0974d6bf21fab9091a85c61e2af9fbabf6ea4

SHA256
dcb9adaba6a4cb262293ccc7b008ae11e232c82fee4fdee37426cb92e6c627c7

SHA512
2106a175f4f07905ed6695cbb5d2213b3ddba2d4d65bd05501a1b54dfdd61fc0c8732ed9d37d5c9f540f430bb69a4eebade6d967b2d2d8f798a0ede704130e5e

Download Submit
\Users\Admin\AppData\Local\Temp\b9a6f67f1f6e07a11ab51c510b0c3277.exe

Filesize
2.2MB

MD5
ca385ab4b8fad3969dcde01c94d9aa67

SHA1
522b984dc5ecd772b3050d92785015319d017611

SHA256
2157bfabd1862e390022a60f4f48f6d2371b38c65814c661b0b8dac9259d1586

SHA512
6839eeb3dddc93cdffbc1da2f0258b7044615f338a59e94034db9cffee42ce9b1702b934a2bfac702c9dc83380824fb886acf59ec85703f9a5d82bd8ef93712e

Download Submit
memory/2200-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2200-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2200-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2200-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2596-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2596-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2596-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2596-23-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2596-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2596-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download