7118c0c253e893479e31ebd9cf70377695079811c0b6fc3cdfe20515ba69a0af

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbd08659528e4949b7e54c6df2e705cf.exe
Size

2.7MB
MD5

bbd08659528e4949b7e54c6df2e705cf
SHA1

6eadc56a6f9cc3d7a7ac61d7c082e138e7a0762c
SHA256

7118c0c253e893479e31ebd9cf70377695079811c0b6fc3cdfe20515ba69a0af
SHA512

fa1a86e702b0e95d99a38993aa95200e7e6549945c0dc97a1fe0779be06c1ebc376384d73c539e7bc3971bb16632c1ffa6dae6bb5ada9543e727e6edad6c6064
SSDEEP

49152:kSZ0pvYcW5Epxz7xdsJwCJ82m4qHJh9LPLoQa3uuHaBVAjGbfG3qOLVmf:ypvYcW5yh1dqzJ8n4qxrL/a3b6BI4O3C

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2328	bbd08659528e4949b7e54c6df2e705cf.exe

Executes dropped EXE 1 IoCs

pid	Process
2328	bbd08659528e4949b7e54c6df2e705cf.exe

Loads dropped DLL 1 IoCs

pid	Process
2988	bbd08659528e4949b7e54c6df2e705cf.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2988-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001224d-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2988	bbd08659528e4949b7e54c6df2e705cf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2988	bbd08659528e4949b7e54c6df2e705cf.exe
2328	bbd08659528e4949b7e54c6df2e705cf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2328	2988	bbd08659528e4949b7e54c6df2e705cf.exe	28
PID 2988 wrote to memory of 2328	2988	bbd08659528e4949b7e54c6df2e705cf.exe	28
PID 2988 wrote to memory of 2328	2988	bbd08659528e4949b7e54c6df2e705cf.exe	28
PID 2988 wrote to memory of 2328	2988	bbd08659528e4949b7e54c6df2e705cf.exe	28

C:\Users\Admin\AppData\Local\Temp\bbd08659528e4949b7e54c6df2e705cf.exe
"C:\Users\Admin\AppData\Local\Temp\bbd08659528e4949b7e54c6df2e705cf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Users\Admin\AppData\Local\Temp\bbd08659528e4949b7e54c6df2e705cf.exe
  C:\Users\Admin\AppData\Local\Temp\bbd08659528e4949b7e54c6df2e705cf.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\bbd08659528e4949b7e54c6df2e705cf.exe

Filesize
2.7MB

MD5
4ce0e1f80b2b01329a040b58671e8e4b

SHA1
b3b0c65a547d0f9a30bd3a2dda3954e1ad80b1e8

SHA256
d72ad427242a5788d0109d089f3685cde93ff14045b501f7299d26b4cec3999a

SHA512
f127bd8edd9d81fb30a22979d71c993f7e89b9eb93d7d04768c76a2cce678aea31095873e960cc5841864c8723ff804633322de8969730d7780c3201e5149597

Download Submit
memory/2328-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2328-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2328-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2328-21-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2328-24-0x00000000034F0000-0x000000000371A000-memory.dmp

Filesize
2.2MB

Download
memory/2328-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2988-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2988-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2988-16-0x0000000003760000-0x0000000003C4F000-memory.dmp

Filesize
4.9MB

Download
memory/2988-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2988-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2988-31-0x0000000003760000-0x0000000003C4F000-memory.dmp

Filesize
4.9MB

Download