d0c3706bee3ae7b4490c722ae0661c8e0d1750308a5e90a475f78eda5b9690d7

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 09:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

baefd50ac3176d4e353919a1ad3900c6.exe
Size

5.8MB
MD5

baefd50ac3176d4e353919a1ad3900c6
SHA1

2e986a7196e3c65e55150c3b7a8f5e004c8f4f8d
SHA256

d0c3706bee3ae7b4490c722ae0661c8e0d1750308a5e90a475f78eda5b9690d7
SHA512

3e5c9b812535708f8eb398895ed945e66249fdbf515be828b5cd6ddc3c853e5de26d87ad155801904e064a6740ac1e55df4a507c77d29a3aa9cf6417d1880215
SSDEEP

98304:v1kw3LwRsHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:NH3LPauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3064	baefd50ac3176d4e353919a1ad3900c6.exe

Executes dropped EXE 1 IoCs

pid	Process
3064	baefd50ac3176d4e353919a1ad3900c6.exe

Loads dropped DLL 1 IoCs

pid	Process
1524	baefd50ac3176d4e353919a1ad3900c6.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1524-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001224c-14.dat	upx
behavioral1/memory/3064-18-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/1524-16-0x0000000003DD0000-0x00000000042BF000-memory.dmp	upx
behavioral1/files/0x000b00000001224c-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1524	baefd50ac3176d4e353919a1ad3900c6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1524	baefd50ac3176d4e353919a1ad3900c6.exe
3064	baefd50ac3176d4e353919a1ad3900c6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 3064	1524	baefd50ac3176d4e353919a1ad3900c6.exe	28
PID 1524 wrote to memory of 3064	1524	baefd50ac3176d4e353919a1ad3900c6.exe	28
PID 1524 wrote to memory of 3064	1524	baefd50ac3176d4e353919a1ad3900c6.exe	28
PID 1524 wrote to memory of 3064	1524	baefd50ac3176d4e353919a1ad3900c6.exe	28

C:\Users\Admin\AppData\Local\Temp\baefd50ac3176d4e353919a1ad3900c6.exe
"C:\Users\Admin\AppData\Local\Temp\baefd50ac3176d4e353919a1ad3900c6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Users\Admin\AppData\Local\Temp\baefd50ac3176d4e353919a1ad3900c6.exe
  C:\Users\Admin\AppData\Local\Temp\baefd50ac3176d4e353919a1ad3900c6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\baefd50ac3176d4e353919a1ad3900c6.exe

Filesize
2.8MB

MD5
d49eff3473cfaa3e427a88ded9558de4

SHA1
c2d1a8dfcf4de953a807a116c1494ef06d82c47e

SHA256
c02f491b3d00e95a023e787be939855bc3ce0ad375132dc00e808cab9f93eae9

SHA512
9d6257b440756edeaf8b2ddf3faebe56bc43269fed5de7f6fbb7c12b5b9547e279e678f1ff9adc83396d564b412fdea614d035ff44b2f4e51c202005d11cc7ce

Download Submit
\Users\Admin\AppData\Local\Temp\baefd50ac3176d4e353919a1ad3900c6.exe

Filesize
3.1MB

MD5
de70be0cab056fb1c8720f4f54248b05

SHA1
fabdbc2d47357debfbaf0b62c1f095dbc82bac34

SHA256
3cbda34be0e217b8f78fdb30740e259c8e4ab5aaf5749f23fb8aba8d692c5f45

SHA512
e0541049ec029df93edaf0428ae4beeb3ffbf8552613b7bef9413bb9bc805ba4f75934fe64601ec393e522d7df9a898f0def7d86811186ee44355a0a96fbd9d0

Download Submit
memory/1524-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1524-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1524-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1524-16-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/1524-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1524-32-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/3064-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3064-20-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/3064-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3064-25-0x00000000034F0000-0x000000000371A000-memory.dmp

Filesize
2.2MB

Download
memory/3064-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3064-33-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download