c5be9caf7adf091d72f397330a85aae28838a20a9851abe0d90643d891dee5a4

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb9736f65ef8434554d7043f901362ea.exe
Size

2.9MB
MD5

bb9736f65ef8434554d7043f901362ea
SHA1

7cb50c8ed1b22b4119e80d31a58bc7863072e5ca
SHA256

c5be9caf7adf091d72f397330a85aae28838a20a9851abe0d90643d891dee5a4
SHA512

fb996c59e30a086e05acde721ad8d36164085ea038adedd24722b8951866f99797cfaca5f9e7187c7be3267c0e7bd82381995a462864309676f5622d83b9d38a
SSDEEP

49152:R/UV6xZLUH55vL15FhhnIddrdP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:R/UYxZLSvL15FbIddZgg3gnl/IVUs1jl

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2524	bb9736f65ef8434554d7043f901362ea.exe

Executes dropped EXE 1 IoCs

pid	Process
2524	bb9736f65ef8434554d7043f901362ea.exe

Loads dropped DLL 1 IoCs

pid	Process
2060	bb9736f65ef8434554d7043f901362ea.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2060-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000122c3-10.dat	upx
behavioral1/files/0x000c0000000122c3-14.dat	upx
behavioral1/memory/2060-13-0x00000000037F0000-0x0000000003CDF000-memory.dmp	upx
behavioral1/memory/2524-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2060	bb9736f65ef8434554d7043f901362ea.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2060	bb9736f65ef8434554d7043f901362ea.exe
2524	bb9736f65ef8434554d7043f901362ea.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2524	2060	bb9736f65ef8434554d7043f901362ea.exe	28
PID 2060 wrote to memory of 2524	2060	bb9736f65ef8434554d7043f901362ea.exe	28
PID 2060 wrote to memory of 2524	2060	bb9736f65ef8434554d7043f901362ea.exe	28
PID 2060 wrote to memory of 2524	2060	bb9736f65ef8434554d7043f901362ea.exe	28

C:\Users\Admin\AppData\Local\Temp\bb9736f65ef8434554d7043f901362ea.exe
"C:\Users\Admin\AppData\Local\Temp\bb9736f65ef8434554d7043f901362ea.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\bb9736f65ef8434554d7043f901362ea.exe
  C:\Users\Admin\AppData\Local\Temp\bb9736f65ef8434554d7043f901362ea.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bb9736f65ef8434554d7043f901362ea.exe

Filesize
1.6MB

MD5
4d32db23a05f36bb88a6511e3e4ef65a

SHA1
c52380a40c273244c7d438d03df586af70a7930e

SHA256
28981fd8a1012bb34dae25b9a4c2d7cbe7f0ffd9d5543a1e89a5a0b6622ca523

SHA512
404b6bf45d9a8cc7ea86af7c8d59a631ae898ff0172b1675e5028a6265b592d2fbb6fa1fb5f7ddaed5947b76eeb29309459eb16aa8f82c4caf69e57dbae3149a

Download Submit
\Users\Admin\AppData\Local\Temp\bb9736f65ef8434554d7043f901362ea.exe

Filesize
2.1MB

MD5
10049c3f3dd775e31af5fb7e3c533ddc

SHA1
276160bb35483a06af281c87cd90f91af3698e8f

SHA256
ada7018adc99e91f45ddd3c1718d3605b6448dc37d27bbb8857919818749fb0c

SHA512
508ff98405eac997890ec182b2a5f0ea32d2aa32c405c76277723a791ade6c3b2015759b7d7b532220689fe9a4425f4f637f4b4c612a189f097a288c3e4cabb7

Download Submit
memory/2060-13-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2060-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2060-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2060-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2060-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2524-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2524-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2524-19-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2524-24-0x00000000032D0000-0x00000000034FA000-memory.dmp

Filesize
2.2MB

Download
memory/2524-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2524-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download