1c3878005f3b5d8f3f22b53c3b4cc22b854336115a415521a5897ff3dbd677c6

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb4401b5e30127c3de4b4056e832eb35.exe
Size

2.9MB
MD5

bb4401b5e30127c3de4b4056e832eb35
SHA1

cf5df2f49c3b2a9c7c286835831833987c1ed2e7
SHA256

1c3878005f3b5d8f3f22b53c3b4cc22b854336115a415521a5897ff3dbd677c6
SHA512

e1c962c989082be5179c080f964c1fa65483083665974ac4a7155624f74afaa4dea7cb35d98dd2d5b07dfe1de2f14a0b6ae9e5a147611827923b9f28207414d3
SSDEEP

49152:Tj6kFcSyqifuo0n6WlEyrU278P4P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:TOdtLf/0lUA8P4gg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
780	bb4401b5e30127c3de4b4056e832eb35.exe

Executes dropped EXE 1 IoCs

pid	Process
780	bb4401b5e30127c3de4b4056e832eb35.exe

Loads dropped DLL 1 IoCs

pid	Process
2140	bb4401b5e30127c3de4b4056e832eb35.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2140-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d00000000e655-10.dat	upx
behavioral1/files/0x000d00000000e655-14.dat	upx
behavioral1/memory/780-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2140	bb4401b5e30127c3de4b4056e832eb35.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2140	bb4401b5e30127c3de4b4056e832eb35.exe
780	bb4401b5e30127c3de4b4056e832eb35.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 780	2140	bb4401b5e30127c3de4b4056e832eb35.exe	28
PID 2140 wrote to memory of 780	2140	bb4401b5e30127c3de4b4056e832eb35.exe	28
PID 2140 wrote to memory of 780	2140	bb4401b5e30127c3de4b4056e832eb35.exe	28
PID 2140 wrote to memory of 780	2140	bb4401b5e30127c3de4b4056e832eb35.exe	28

C:\Users\Admin\AppData\Local\Temp\bb4401b5e30127c3de4b4056e832eb35.exe
"C:\Users\Admin\AppData\Local\Temp\bb4401b5e30127c3de4b4056e832eb35.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Users\Admin\AppData\Local\Temp\bb4401b5e30127c3de4b4056e832eb35.exe
  C:\Users\Admin\AppData\Local\Temp\bb4401b5e30127c3de4b4056e832eb35.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bb4401b5e30127c3de4b4056e832eb35.exe

Filesize
1.4MB

MD5
8a23794eb35c12b2dbc8d8648585f6e5

SHA1
cc734d3731dbd89d2703a92e9767087b2a1402b7

SHA256
648bd0ee74b2d5c9afcbb8a03a8dbde0fffa5b70bab870305b75b7a96d6a0330

SHA512
745351f2b6b07c8b973d47c8376a66c91980bb6e7054347176fce9a4039fc27481981e9e8a8a26affcf7e2cd0016bccae397ce0607c15983a1f11942e10b04f3

Download Submit
\Users\Admin\AppData\Local\Temp\bb4401b5e30127c3de4b4056e832eb35.exe

Filesize
1.4MB

MD5
34da3d6e0018d90c35410a70e1b22d73

SHA1
e921fbf57c1af282e2e3129ac4054c8fb642b237

SHA256
d9cd1607e6608faad859ec734f468be79e12090006ee68fb98f53383ba93753a

SHA512
aca2ec6f341a02ce87777ff73e73dcd439c68dbe38076d8df475b30b948b9c003ecbcd9e6ca5793fe8873d4ab749cb1cecf28bb91df8400c2c06285e3bc56044

Download Submit
memory/780-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/780-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/780-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/780-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/780-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/780-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2140-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2140-2-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2140-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2140-15-0x00000000038A0000-0x0000000003D8F000-memory.dmp

Filesize
4.9MB

Download
memory/2140-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2140-31-0x00000000038A0000-0x0000000003D8F000-memory.dmp

Filesize
4.9MB

Download