899cd9c961013ee14f575b380d16beeb408cb55757572c118852eb356c2ab832

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 11:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cb3f41cbae924c23360b9addd995350b.exe
Size

2.7MB
MD5

cb3f41cbae924c23360b9addd995350b
SHA1

69de74e5634210e5c483e9f51a3eead29a54604d
SHA256

899cd9c961013ee14f575b380d16beeb408cb55757572c118852eb356c2ab832
SHA512

56e86f082a4ee997acf1545367d6c858732585684268e6ff15d9c9c06cab28218998dc9ab623df63713ede239e2f033a228864749d2c500592db0a8184f138a7
SSDEEP

49152:qG+Oi1BJguLO80REj851k0N+GuQWQnvTgXBlT6OHyKHKg58HQ5Ok:qxJguLoREjU1kJQWQvEXBlT6OHVNy+O

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2292	cb3f41cbae924c23360b9addd995350b.exe

Executes dropped EXE 1 IoCs

pid	Process
2292	cb3f41cbae924c23360b9addd995350b.exe

Loads dropped DLL 1 IoCs

pid	Process
2528	cb3f41cbae924c23360b9addd995350b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2528-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000c00000001224f-14.dat	upx
behavioral1/files/0x000c00000001224f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2528	cb3f41cbae924c23360b9addd995350b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2528	cb3f41cbae924c23360b9addd995350b.exe
2292	cb3f41cbae924c23360b9addd995350b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2292	2528	cb3f41cbae924c23360b9addd995350b.exe	28
PID 2528 wrote to memory of 2292	2528	cb3f41cbae924c23360b9addd995350b.exe	28
PID 2528 wrote to memory of 2292	2528	cb3f41cbae924c23360b9addd995350b.exe	28
PID 2528 wrote to memory of 2292	2528	cb3f41cbae924c23360b9addd995350b.exe	28

C:\Users\Admin\AppData\Local\Temp\cb3f41cbae924c23360b9addd995350b.exe
"C:\Users\Admin\AppData\Local\Temp\cb3f41cbae924c23360b9addd995350b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Users\Admin\AppData\Local\Temp\cb3f41cbae924c23360b9addd995350b.exe
  C:\Users\Admin\AppData\Local\Temp\cb3f41cbae924c23360b9addd995350b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cb3f41cbae924c23360b9addd995350b.exe

Filesize
704KB

MD5
969619f513749533575016a25dd7ded9

SHA1
da4b96742cfb4df4fe4a4bda8e5d4150e5f097f4

SHA256
89ae88a59c34ca887b0b074d3d4412cea35049eccd21e061b6ae390f923040a3

SHA512
e014e18b633e836b67d02b8d4248cc0fd80be8a5441352d2e8104faad04ff9bce7c158dbc20fdd14d120badbcdb523299c18908fc0abba828ee8062672d9411c

Download Submit
\Users\Admin\AppData\Local\Temp\cb3f41cbae924c23360b9addd995350b.exe

Filesize
896KB

MD5
4f0c22836d84d8292d2e0caf30a7bb38

SHA1
3673a782626fe85496d7c3405e9344900303bee7

SHA256
20b58ddb27065ddf5603f7a5f3104efa0c899b5ebc4722b1dd6896e653967fe4

SHA512
425e590f683246733f22db1ae897d938df069ae9dd1a5085ebbf9178a15b84a0a1261df5b9db58ba1ba39cbe41bdda8ea8156e5e68a852ec5db02a7529cc3287

Download Submit
memory/2292-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2292-19-0x00000000002D0000-0x00000000003E2000-memory.dmp

Filesize
1.1MB

Download
memory/2292-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2292-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2528-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2528-3-0x00000000002B0000-0x00000000003C2000-memory.dmp

Filesize
1.1MB

Download
memory/2528-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2528-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download