a77f42dfa14c72c7981820ced72aff9d28972e88b3f62dbc2b6e914187ce4a2d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

baaff9ad41f17f00b577a41281fe71e1.exe
Size

2.9MB
MD5

baaff9ad41f17f00b577a41281fe71e1
SHA1

d32348dd24887bea85ad3c344699740ef685d886
SHA256

a77f42dfa14c72c7981820ced72aff9d28972e88b3f62dbc2b6e914187ce4a2d
SHA512

2a80e00927480e950212d41e4565afaef1366e58f01211750ace88893f55f8796c7e1432e9595879fed58d13debf6e366fe3083389b311ce00de96c141b15a84
SSDEEP

49152:1WU/cTgeQtQgUqEHX9wTNXqBUZ9zH0L02AKUXjDb/kqgn8EMOGj:Eqc0eQjUX9q5qGZ9zU4Trz8R8us

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2484	baaff9ad41f17f00b577a41281fe71e1.exe

Executes dropped EXE 1 IoCs

pid	Process
2484	baaff9ad41f17f00b577a41281fe71e1.exe

Loads dropped DLL 1 IoCs

pid	Process
2340	baaff9ad41f17f00b577a41281fe71e1.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2340-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012339-15.dat	upx
behavioral1/memory/2484-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012339-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2340	baaff9ad41f17f00b577a41281fe71e1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2340	baaff9ad41f17f00b577a41281fe71e1.exe
2484	baaff9ad41f17f00b577a41281fe71e1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2484	2340	baaff9ad41f17f00b577a41281fe71e1.exe	28
PID 2340 wrote to memory of 2484	2340	baaff9ad41f17f00b577a41281fe71e1.exe	28
PID 2340 wrote to memory of 2484	2340	baaff9ad41f17f00b577a41281fe71e1.exe	28
PID 2340 wrote to memory of 2484	2340	baaff9ad41f17f00b577a41281fe71e1.exe	28

C:\Users\Admin\AppData\Local\Temp\baaff9ad41f17f00b577a41281fe71e1.exe
"C:\Users\Admin\AppData\Local\Temp\baaff9ad41f17f00b577a41281fe71e1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\baaff9ad41f17f00b577a41281fe71e1.exe
  C:\Users\Admin\AppData\Local\Temp\baaff9ad41f17f00b577a41281fe71e1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\baaff9ad41f17f00b577a41281fe71e1.exe

Filesize
2.8MB

MD5
e850ad991c0a0993082b14c4d06776b5

SHA1
8be388f5dea3476d5af5c2fca2bc3c088cf4a50f

SHA256
1a985bccf0a09362b0454c3bbece6bcd29722fc70ff354d017e03778db8a4ac4

SHA512
fc93db898110e379d2947f01701ce62b4277bcb15ff33131ab130df9ddfb4dcf17845e755cfc21d677f0be25493d65b3b19665cdeb91c1b2332077cdac034db9

Download Submit
\Users\Admin\AppData\Local\Temp\baaff9ad41f17f00b577a41281fe71e1.exe

Filesize
2.9MB

MD5
e148795372c12a5106f856ae6f4f8ba5

SHA1
242c2b3a7a5ab088b694256fc76b42e1af02a6f6

SHA256
73b5a26c6440b19c9d8a4fe780bd50a989742ad3e413cbbb6c1a806d7e4203df

SHA512
b4f6c3fcfa413b5443f0e8fec9a1693d71ed736e816c8b9fb0b4573a2092216f6120909e94935a8693686497490f1f30b8456de9f1fe11f0d94346767b0e7e51

Download Submit
memory/2340-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2340-14-0x0000000003930000-0x0000000003E1F000-memory.dmp

Filesize
4.9MB

Download
memory/2340-2-0x00000000002C0000-0x00000000003F3000-memory.dmp

Filesize
1.2MB

Download
memory/2340-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2340-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2484-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2484-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2484-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2484-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2484-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2484-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download