5f45eafd67a69f292f2abef051204ed531aeb41af96cd9c89c403383c6823459

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd802f5a6036c0b884eeabbb2cfd7973.exe
Size

2.7MB
MD5

bd802f5a6036c0b884eeabbb2cfd7973
SHA1

0cfe5439721f8f4014b936adc0680e10b742f217
SHA256

5f45eafd67a69f292f2abef051204ed531aeb41af96cd9c89c403383c6823459
SHA512

d4701770fa053bf2e33c0812e54a3a9e458f1758e109202451885adb58f0364d519dad74d18102c0ae28aba8f47b6f9761025690a6e9d020a666fc1b12e6530d
SSDEEP

49152:EznAyE26+GRIeOeaA/ZVQh4fKWwkHkETaYSONmqMQOwBcfp:EjFBLYjO2gh4fKBkHPR7NtvOw2fp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1336	bd802f5a6036c0b884eeabbb2cfd7973.exe

Executes dropped EXE 1 IoCs

pid	Process
1336	bd802f5a6036c0b884eeabbb2cfd7973.exe

Loads dropped DLL 1 IoCs

pid	Process
1912	bd802f5a6036c0b884eeabbb2cfd7973.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1912-2-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001222c-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1912	bd802f5a6036c0b884eeabbb2cfd7973.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1912	bd802f5a6036c0b884eeabbb2cfd7973.exe
1336	bd802f5a6036c0b884eeabbb2cfd7973.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 1336	1912	bd802f5a6036c0b884eeabbb2cfd7973.exe	28
PID 1912 wrote to memory of 1336	1912	bd802f5a6036c0b884eeabbb2cfd7973.exe	28
PID 1912 wrote to memory of 1336	1912	bd802f5a6036c0b884eeabbb2cfd7973.exe	28
PID 1912 wrote to memory of 1336	1912	bd802f5a6036c0b884eeabbb2cfd7973.exe	28

C:\Users\Admin\AppData\Local\Temp\bd802f5a6036c0b884eeabbb2cfd7973.exe
"C:\Users\Admin\AppData\Local\Temp\bd802f5a6036c0b884eeabbb2cfd7973.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Users\Admin\AppData\Local\Temp\bd802f5a6036c0b884eeabbb2cfd7973.exe
  C:\Users\Admin\AppData\Local\Temp\bd802f5a6036c0b884eeabbb2cfd7973.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1336

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\bd802f5a6036c0b884eeabbb2cfd7973.exe

Filesize
2.7MB

MD5
7610c0c59f518a52b3fb94e37b82053c

SHA1
8cc7c3195b3f7e95767e637b1b553743ebdf577d

SHA256
6e54e1be2dfc3d51492fae73efda2417800cb4361b6ea229a0dc4676bdc0d886

SHA512
9c9e46f6f99ff76b5ae8763e2f367a36e66062df96a233571f5da4a694956ae2ca2e4429fbb8189f5655750695a0484b291b8415595c2f25c32502b3fd3765ee

Download Submit
memory/1336-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1336-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1336-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1336-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1336-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1336-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1912-4-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/1912-2-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1912-15-0x0000000003910000-0x0000000003DFF000-memory.dmp

Filesize
4.9MB

Download
memory/1912-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1912-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1912-31-0x0000000003910000-0x0000000003DFF000-memory.dmp

Filesize
4.9MB

Download