Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-03-2024 16:03

General

  • Target

    bf0572ca02e3b0f6253fc426cf2dc545.exe

  • Size

    5.1MB

  • MD5

    bf0572ca02e3b0f6253fc426cf2dc545

  • SHA1

    d7bf745c2b1af851aca77e29b8cf04a664d85e55

  • SHA256

    f9c3766679e9a1f4bd360eddec8b5ab40f87e1dc1b19a63526093e24ddd394db

  • SHA512

    e44fa7f8fd98963ce9253f3873de27186bbd62f88b18bc0cac3573114636e83607ce750132cab5e4196432766cfc0094c14c8c051952603a52032d9f186acdb4

  • SSDEEP

    49152:Jch9oWU8KMy1+pr9gabZAEgRqHI4NDbS9RY/BHay3UByeaq3IAgKOuzdV+sRHS0v:Jo9oLO53ASHIi3O48IUTH3

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
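The "UPX packed file" signature above fires on the packer's static markers. As an added example, and not code from this report or from the sandbox that produced it, the following standard-library Python reproduces that check: it parses the PE section table and reports three independent indicators, the stock UPX0/UPX1 section names, the "UPX!" magic string, and the layout heuristic (a first section with zero raw size but a large virtual size, which is the unpack destination) that still fires when a modified UPX has renamed its sections and stripped the magic. The PE images in the block are constructed inline for illustration; nothing in them is derived from the sample on this page.

```python
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX3"}


def parse_sections(data):
    """Return the PE section table as a list of dicts (name, sizes, offsets)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    nsec = struct.unpack_from("<H", data, coff + 2)[0]     # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]  # SizeOfOptionalHeader
    off = coff + 20 + opt_size                            # first IMAGE_SECTION_HEADER
    sections = []
    for _ in range(nsec):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({"name": name.rstrip(b"\x00").decode("ascii", "replace"),
                         "virtual_size": vsize, "virtual_address": vaddr,
                         "raw_size": rsize, "raw_ptr": rptr})
        off += 40
    return sections


def upx_indicators(data):
    """Return human-readable indicators that the image is UPX or modified-UPX packed."""
    hits = []
    secs = parse_sections(data)
    names = {s["name"] for s in secs}
    if names & UPX_SECTION_NAMES:
        hits.append("section names: " + ", ".join(sorted(names & UPX_SECTION_NAMES)))
    # Stock UPX writes "UPX!" into its packer header; modified builds usually strip it.
    if b"UPX!" in data:
        hits.append("'UPX!' magic present")
    # Layout heuristic: the first section holds no file data but reserves the virtual
    # range the stub decompresses into. Renaming sections does not change this.
    if secs and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0:
        hits.append("first section has zero raw size but 0x%X bytes virtual"
                    % secs[0]["virtual_size"])
    return hits


def build_pe(sections, trailer=b""):
    """Build a minimal PE32 byte string from (name, vsize, vaddr, raw_size, raw_ptr) tuples.

    Constructed test fixture only; it is not loadable and is not the report's sample.
    """
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\x00" * (opt_size - 2)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode(), vs, va, rs, rp, 0, 0, 0, 0,
                                 0xE0000040) for n, vs, va, rs, rp in sections)
    return dos + b"PE\x00\x00" + coff + opt + table + trailer


# Constructed samples: stock UPX layout, a normal linker layout, and a "modified UPX"
# build with renamed sections and no magic.
UPX_SAMPLE = build_pe([("UPX0", 0x200000, 0x1000, 0, 0x400),
                       ("UPX1", 0x80000, 0x201000, 0x80000, 0x400),
                       (".rsrc", 0x1000, 0x281000, 0x1000, 0x80400)], trailer=b"UPX!")
CLEAN_SAMPLE = build_pe([(".text", 0x1000, 0x1000, 0x1000, 0x400),
                         (".data", 0x1000, 0x2000, 0x1000, 0x1400)])
RENAMED_SAMPLE = build_pe([(".text", 0x200000, 0x1000, 0, 0x400),
                           (".data", 0x80000, 0x201000, 0x80000, 0x400),
                           (".rsrc", 0x1000, 0x281000, 0x1000, 0x80400)])

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            hits = upx_indicators(f.read())
        print(path, "->", "; ".join(hits) if hits else "no UPX indicators")
```

Run it over the dropped files listed under Downloads to see which of the three indicators each build still exposes. A stock build can be unpacked with `upx -d`; a modified build usually cannot, and the layout check is the one that survives renaming, so when only that indicator fires the in-memory dumps listed below are the practical route to the unpacked image.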

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf0572ca02e3b0f6253fc426cf2dc545.exe
    "C:\Users\Admin\AppData\Local\Temp\bf0572ca02e3b0f6253fc426cf2dc545.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Users\Admin\AppData\Local\Temp\bf0572ca02e3b0f6253fc426cf2dc545.exe
      C:\Users\Admin\AppData\Local\Temp\bf0572ca02e3b0f6253fc426cf2dc545.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Modifies system certificate store
      • Suspicious use of UnmapMainImage
      PID:2864

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bf0572ca02e3b0f6253fc426cf2dc545.exe

    Filesize

    4.3MB

    MD5

    d2e303404c36e64a25089a9c433c8269

    SHA1

    da4ca5c5c03e0f5246b5249f0b8b4419a0a4f278

    SHA256

    d355131def9ae2a46c7b5caabf8572afee1a8ada04c6eebccddf235e796009f2

    SHA512

    5bc08381f0d2357c38d921c04a75a3d50bc19885a9738069c6811f156d2be671aead47c590ade5ed62531cb69b37d8e8dbede6823176b56a02527cfd72db3140

  • \Users\Admin\AppData\Local\Temp\bf0572ca02e3b0f6253fc426cf2dc545.exe

    Filesize

    2.2MB

    MD5

    7622675b4d0156494bee32fa29dbcc57

    SHA1

    04f227e1ab155b246700143b12007df2602c03d3

    SHA256

    157d44bd9bd6e9a559ad0a845502896814a3b6d9a174593307d4ab27a74cc6dc

    SHA512

    ca7a7bdfb9a25021a9bce51bb4f9502378247a92b7810fc4da1b1c9a16871a22105e1faf03f68510fc22272f37460fbe34a1bc6da4376c90725e971b284397b5

  • memory/2860-0-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

  • memory/2860-1-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/2860-3-0x0000000001FA0000-0x00000000021FA000-memory.dmp

    Filesize

    2.4MB

  • memory/2860-14-0x0000000000400000-0x0000000000605000-memory.dmp

    Filesize

    2.0MB

  • memory/2860-16-0x0000000004060000-0x00000000049FE000-memory.dmp

    Filesize

    9.6MB

  • memory/2860-43-0x0000000004060000-0x00000000049FE000-memory.dmp

    Filesize

    9.6MB

  • memory/2864-17-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB

  • memory/2864-19-0x0000000001FA0000-0x00000000021FA000-memory.dmp

    Filesize

    2.4MB

  • memory/2864-44-0x0000000000400000-0x0000000000D9E000-memory.dmp

    Filesize

    9.6MB