c26fd40f707b9f91fc3524f716ea9e858de4f41e967e36f88096918674536198

Analysis

max time kernel
119s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be510ec344af1ec3b9fc71a14c592f6b.exe
Size

5.8MB
MD5

be510ec344af1ec3b9fc71a14c592f6b
SHA1

e3382bbd2e7c8ac171048c4fb15bcfba5931aeba
SHA256

c26fd40f707b9f91fc3524f716ea9e858de4f41e967e36f88096918674536198
SHA512

733c8e4558ed685196f53fb44377df2fe06a41e21a1775cba6265dc8060fa64974a95e548c126b0093e9425358b13c5dbc64d0127f54f829f792851ece8276f9
SSDEEP

98304:vnyq2iy3sPYJgg3gnl/IVUs1jePsxLTCEXIDSdVfHPJ7zh0ygg3gnl/IVUs1jePs:693swPgl/iBiPeTCEXamxHP70Wgl/iBg

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3004	be510ec344af1ec3b9fc71a14c592f6b.exe

Executes dropped EXE 1 IoCs

pid	Process
3004	be510ec344af1ec3b9fc71a14c592f6b.exe

Loads dropped DLL 1 IoCs

pid	Process
1832	be510ec344af1ec3b9fc71a14c592f6b.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1832-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000133c5-14.dat	upx
behavioral1/files/0x000c0000000133c5-10.dat	upx
behavioral1/memory/3004-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1832	be510ec344af1ec3b9fc71a14c592f6b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1832	be510ec344af1ec3b9fc71a14c592f6b.exe
3004	be510ec344af1ec3b9fc71a14c592f6b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 3004	1832	be510ec344af1ec3b9fc71a14c592f6b.exe	27
PID 1832 wrote to memory of 3004	1832	be510ec344af1ec3b9fc71a14c592f6b.exe	27
PID 1832 wrote to memory of 3004	1832	be510ec344af1ec3b9fc71a14c592f6b.exe	27
PID 1832 wrote to memory of 3004	1832	be510ec344af1ec3b9fc71a14c592f6b.exe	27

C:\Users\Admin\AppData\Local\Temp\be510ec344af1ec3b9fc71a14c592f6b.exe
"C:\Users\Admin\AppData\Local\Temp\be510ec344af1ec3b9fc71a14c592f6b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Users\Admin\AppData\Local\Temp\be510ec344af1ec3b9fc71a14c592f6b.exe
  C:\Users\Admin\AppData\Local\Temp\be510ec344af1ec3b9fc71a14c592f6b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\be510ec344af1ec3b9fc71a14c592f6b.exe

Filesize
1.4MB

MD5
0b8397a9dc1983ec495e8e47548a77aa

SHA1
05abd9a9c23c51558ca5b9245bd0763a8deb306d

SHA256
53814e2b6eba29814bcb1e135dfdf4a9282ee1f502aaa8c42d353a594992465e

SHA512
fb2714c550f3850ff26f4cb5b4195a7d224aaa5af7503ae1073a2f286c56cf8167a3a81a4e3fc615c05d1ed2e2661a337b2496057ba9fdcd25a87984d75b4857

Download Submit
\Users\Admin\AppData\Local\Temp\be510ec344af1ec3b9fc71a14c592f6b.exe

Filesize
1.4MB

MD5
64f0e9f2b2a5f686e3edb8d336b4b87f

SHA1
db857d2b9aa8f42b073fd41d6fd7411256061353

SHA256
2eefe2c516625872b4b6f87d8090c849b12f5f85b73832162b7cef91a719eecd

SHA512
58ba6cd8d6f7987f1b2f2d0aa338eb9d51e5481cb9f1c7c333aae126bab95e87b4390ff4d88ea14ef7e9e87f7faa20ca073aef1e48aa32ddc4f674c0116857e7

Download Submit
memory/1832-15-0x0000000003DC0000-0x00000000042AF000-memory.dmp

Filesize
4.9MB

Download
memory/1832-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1832-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1832-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1832-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/1832-31-0x0000000003DC0000-0x00000000042AF000-memory.dmp

Filesize
4.9MB

Download
memory/3004-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3004-17-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3004-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3004-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3004-24-0x00000000036F0000-0x000000000391A000-memory.dmp

Filesize
2.2MB

Download
memory/3004-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download