Analysis

  • max time kernel
    119s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/03/2024, 22:54

General

  • Target

    bf2c623b725540d0fa1440c30266a791.exe

  • Size

    2.6MB

  • MD5

    bf2c623b725540d0fa1440c30266a791

  • SHA1

    89cd88f8b752b8631a008c033ee7d213e853e183

  • SHA256

    70d019a374b0d3f2c9afe89c422fbd5300ae767afb04e6876a26db5cce3ad784

  • SHA512

    342890097ae06403f2e4817830f08ef0f65990c0083d0a08ba0338e031b18f12cde8735d3e30db03f1e04e722f30e300349c5adf58d580f9d7bdaf154ee13bca

  • SSDEEP

    49152:ToDL9xOF57DKktdHsBlZW9pHjtYY7IsL+jKVb/ay3:8i7DZ3SlWtN3iUD3

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf2c623b725540d0fa1440c30266a791.exe
    "C:\Users\Admin\AppData\Local\Temp\bf2c623b725540d0fa1440c30266a791.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:1660
    • C:\Users\Admin\AppData\Local\Temp\bf2c623b725540d0fa1440c30266a791.exe
      C:\Users\Admin\AppData\Local\Temp\bf2c623b725540d0fa1440c30266a791.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      PID:1624

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\bf2c623b725540d0fa1440c30266a791.exe

          Filesize

          2.4MB

          MD5

          7c8ff9b2d04541a1f69bd48f1dbadfc1

          SHA1

          84f36c5cac17d054183ba7f8bd75534d48cc6604

          SHA256

          4f4ae0037cd7283b99cac50f3763fe18760ae21eec0fc2715519b18878087fbf

          SHA512

          137e258fb45ae7abbfb904b36325037ec749ac2298adf62c923d561b35f99845bb3a2e69a0731ad65cdb1ff95e6108bdfa9e2ecf7af08084bb173622a35cff46

        • \Users\Admin\AppData\Local\Temp\bf2c623b725540d0fa1440c30266a791.exe

          Filesize

          2.5MB

          MD5

          cebae0ab4c118ad70f80826a3e48801f

          SHA1

          d360d34b1d8c4d73d9f6b31ba2d71a4692f795e8

          SHA256

          26d0a9b28c40adf894c6122ab03d41a062db173c1d3441bacf814c14f584ff9f

          SHA512

          ea52c4363f7df0e70151ab4ccd86d3176c3bf3ad89e3b24a13df9a7fc70fcd7b4c2e8d1f80b1e35a38f263174e986400ce1fca5769fae834e0e552076a651319

        • memory/1624-18-0x0000000000400000-0x0000000000D9E000-memory.dmp

          Filesize

          9.6MB

        • memory/1624-20-0x00000000021D0000-0x000000000242A000-memory.dmp

          Filesize

          2.4MB

        • memory/1624-34-0x0000000000400000-0x0000000000D9E000-memory.dmp

          Filesize

          9.6MB

        • memory/1660-1-0x0000000000400000-0x0000000000D9E000-memory.dmp

          Filesize

          9.6MB

        • memory/1660-0-0x0000000000400000-0x0000000000605000-memory.dmp

          Filesize

          2.0MB

        • memory/1660-2-0x0000000001FA0000-0x00000000021FA000-memory.dmp

          Filesize

          2.4MB

        • memory/1660-14-0x0000000000400000-0x0000000000605000-memory.dmp

          Filesize

          2.0MB

        • memory/1660-16-0x00000000038A0000-0x000000000423E000-memory.dmp

          Filesize

          9.6MB

        • memory/1660-33-0x00000000038A0000-0x000000000423E000-memory.dmp

          Filesize

          9.6MB