6cc2d36569d8b62e94c88f958ff7bffa0a6ccaf2f2aa2045d2aae591565e1c13

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 05:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfe98ccf1fe3f9c43af64cbf1dda9812.exe
Size

5.3MB
MD5

bfe98ccf1fe3f9c43af64cbf1dda9812
SHA1

64cade40efbecb4544632361053b6dea231161da
SHA256

6cc2d36569d8b62e94c88f958ff7bffa0a6ccaf2f2aa2045d2aae591565e1c13
SHA512

36caae92fc0ca30aacf5bbb40e25ca510b0b9ff3cd683bceaf06ecbdfefd449b2bd328598e35f9084bea69df0adce2a9e5413c5cdff8e5084c2959e663719f74
SSDEEP

98304:Q5PxIudMWRD6eiEtmBm5zBqX5EglAqrn5OIQiHBGn5HOMJesq4ArQP0YBqX5EglZ:QNx25eFLgOqrn5OoG59e2Am0+gOqrn5B

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2232	bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Executes dropped EXE 1 IoCs

pid	Process
2232	bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Loads dropped DLL 1 IoCs

pid	Process
1152	bfe98ccf1fe3f9c43af64cbf1dda9812.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1152-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012241-10.dat	upx
behavioral1/files/0x000c000000012241-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1152	bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1152	bfe98ccf1fe3f9c43af64cbf1dda9812.exe
2232	bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2232	1152	bfe98ccf1fe3f9c43af64cbf1dda9812.exe	28
PID 1152 wrote to memory of 2232	1152	bfe98ccf1fe3f9c43af64cbf1dda9812.exe	28
PID 1152 wrote to memory of 2232	1152	bfe98ccf1fe3f9c43af64cbf1dda9812.exe	28
PID 1152 wrote to memory of 2232	1152	bfe98ccf1fe3f9c43af64cbf1dda9812.exe	28

C:\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe
"C:\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe
  C:\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Filesize
141KB

MD5
1b309e614207f773109217dfa51ed93f

SHA1
9fb0a05e6703bedbb2edbcdabef858bda21268b3

SHA256
d2a64c7f49966156b019d812464fa8c50021d59d0d0c2e87ba98dc39476db16b

SHA512
61df7945da610809669e4a6b561a06c9b1cec556ace1041754c011dea1065703927f487ce52ab50012e539bdf225e27a5d3b766a577073e318a386fd02e17d41

Download Submit
\Users\Admin\AppData\Local\Temp\bfe98ccf1fe3f9c43af64cbf1dda9812.exe

Filesize
521KB

MD5
0a0901e8017d95d04c7f6b4e02797eaa

SHA1
10364adee5771b732864061120f9ad226db4bd0e

SHA256
e72a0e63e6bf83de2a829f70b737070a527ae4a291de4df119c38b501250c5b7

SHA512
2987107595f5e23441452d37cc536443f9091e8bb27d23f33075829ae07265a27fc779cb0d6ac2f5568d289395ca1b393a5f153468d6496514fc42f86fa87df3

Download Submit
memory/1152-15-0x0000000003E60000-0x000000000434F000-memory.dmp

Filesize
4.9MB

Download
memory/1152-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1152-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1152-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1152-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1152-31-0x0000000003E60000-0x000000000434F000-memory.dmp

Filesize
4.9MB

Download
memory/2232-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2232-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2232-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2232-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2232-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2232-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download