ce3cbe036bb53dfb26eb997a791fb27459d3b1aaca76849d7b611e2d9a145a52

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 16:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbb4599beedabf0c14b01f19fe14c057.exe
Size

2.4MB
MD5

bbb4599beedabf0c14b01f19fe14c057
SHA1

538718f6451e64b369b526c082d78c7455996813
SHA256

ce3cbe036bb53dfb26eb997a791fb27459d3b1aaca76849d7b611e2d9a145a52
SHA512

ccd54a45534ebd4d4cac475d0a4a97dbce169926afa6527b0d1c27b8e4c480f8b5ba9f1e3e4546e9c851874abee8f0fb5fbfa17c7dc8038f13594c325d8ce133
SSDEEP

49152:RkeLqVZnqmd5+9I8vOUOD+ixzqX9mQNP4M338dB2IBlGuuDVUsdxxjr:HL8bd5+9I8vDOD+dgg3gnl/IVUs1jr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2360	bbb4599beedabf0c14b01f19fe14c057.exe

Executes dropped EXE 1 IoCs

pid	Process
2360	bbb4599beedabf0c14b01f19fe14c057.exe

Loads dropped DLL 1 IoCs

pid	Process
1704	bbb4599beedabf0c14b01f19fe14c057.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1704-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012257-13.dat	upx
behavioral1/files/0x000b000000012257-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1704	bbb4599beedabf0c14b01f19fe14c057.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1704	bbb4599beedabf0c14b01f19fe14c057.exe
2360	bbb4599beedabf0c14b01f19fe14c057.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2360	1704	bbb4599beedabf0c14b01f19fe14c057.exe	28
PID 1704 wrote to memory of 2360	1704	bbb4599beedabf0c14b01f19fe14c057.exe	28
PID 1704 wrote to memory of 2360	1704	bbb4599beedabf0c14b01f19fe14c057.exe	28
PID 1704 wrote to memory of 2360	1704	bbb4599beedabf0c14b01f19fe14c057.exe	28

C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe
"C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe
  C:\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\bbb4599beedabf0c14b01f19fe14c057.exe

Filesize
2.4MB

MD5
bb12bde4180e6fedc16c69eb149f2b0c

SHA1
a3c6422f627eb0bc52c049d299708e10132f1298

SHA256
337f1095b5db7c426759ebb0e37c6e9848642dde1dab084b02fbe7f2656cb805

SHA512
9e247cebe0a1bef40a661aaea5aa9c1590a5d13acf39766e999e8671532270294a11f54aef3aa66507ca29fdd9f8f78373345450c667a1c33049cdf9c77a48ab

Download Submit
memory/1704-16-0x0000000003830000-0x0000000003D1F000-memory.dmp

Filesize
4.9MB

Download
memory/1704-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1704-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1704-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1704-2-0x00000000002C0000-0x00000000003F3000-memory.dmp

Filesize
1.2MB

Download
memory/1704-32-0x0000000003830000-0x0000000003D1F000-memory.dmp

Filesize
4.9MB

Download
memory/2360-19-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2360-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2360-22-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2360-25-0x00000000034E0000-0x000000000370A000-memory.dmp

Filesize
2.2MB

Download
memory/2360-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2360-33-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download