3b4a149f093ca68928c8bf274de7d2c868002d31dc2b20a2007c13d805a27069

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cba51ad11fce7be8419d81dbd783bb38.exe
Size

11.4MB
MD5

cba51ad11fce7be8419d81dbd783bb38
SHA1

dfc0ed60ff2638414a98102d21be2a281ae08d18
SHA256

3b4a149f093ca68928c8bf274de7d2c868002d31dc2b20a2007c13d805a27069
SHA512

b8bbcc0213951c874c50e93884f40fbb231c310227961980625498e216a7d2414498e11239b63691e82111b56e73d8bac9d1ac780680f5c0d7deab97d8e25767
SSDEEP

196608:TBTbd8auq1jI86FA7y2auq1jI86oDdr58rJjauq1jI86FA7y2auq1jI86B:hOlHSzlHmdyZlHSzlHB

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2596	cba51ad11fce7be8419d81dbd783bb38.exe

Executes dropped EXE 1 IoCs

pid	Process
2596	cba51ad11fce7be8419d81dbd783bb38.exe

Loads dropped DLL 1 IoCs

pid	Process
2280	cba51ad11fce7be8419d81dbd783bb38.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2280-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001224c-13.dat	upx
behavioral1/memory/2596-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001224c-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2280	cba51ad11fce7be8419d81dbd783bb38.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2280	cba51ad11fce7be8419d81dbd783bb38.exe
2596	cba51ad11fce7be8419d81dbd783bb38.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 2596	2280	cba51ad11fce7be8419d81dbd783bb38.exe	28
PID 2280 wrote to memory of 2596	2280	cba51ad11fce7be8419d81dbd783bb38.exe	28
PID 2280 wrote to memory of 2596	2280	cba51ad11fce7be8419d81dbd783bb38.exe	28
PID 2280 wrote to memory of 2596	2280	cba51ad11fce7be8419d81dbd783bb38.exe	28

C:\Users\Admin\AppData\Local\Temp\cba51ad11fce7be8419d81dbd783bb38.exe
"C:\Users\Admin\AppData\Local\Temp\cba51ad11fce7be8419d81dbd783bb38.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Users\Admin\AppData\Local\Temp\cba51ad11fce7be8419d81dbd783bb38.exe
  C:\Users\Admin\AppData\Local\Temp\cba51ad11fce7be8419d81dbd783bb38.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2596

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cba51ad11fce7be8419d81dbd783bb38.exe

Filesize
1.6MB

MD5
e9b72a03401bc34b68c114ebfcfd5b6a

SHA1
18798202ed9cae61e59df4e0e2773ca71bf2b627

SHA256
cb4222273c2be6ff40a5ce78d619ce5196e9a9f601fc3bc933e05b6cffe56aa5

SHA512
362b26ba94d709adddb100ebe6a8cff4a8c315fd26215e4e850b8eda106a1ea66dc5ad3fb510ea001056118b85b9db4a89353a5564c8e2b949b7e1f8cceea707

Download Submit
\Users\Admin\AppData\Local\Temp\cba51ad11fce7be8419d81dbd783bb38.exe

Filesize
2.0MB

MD5
c1652c635de462647bcd86f6aef1d677

SHA1
6fc061d9d476bae2ea78c4f9d4a23bf31fc028a5

SHA256
33c2b24331760fe4c6b4c16936976b606cf9a2b1b95affd472327494dbc5784a

SHA512
a7c472a4c39d731b217f8590da87fc4d9f55dbfc4ef01629e21bdf6178e0b17dfe40e53942d43777f1dc3cd39558e13470029993e8d268f50d2a543ee2b52309

Download Submit
memory/2280-3-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2280-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2280-15-0x00000000048F0000-0x0000000004DDF000-memory.dmp

Filesize
4.9MB

Download
memory/2280-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2280-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2280-31-0x00000000048F0000-0x0000000004DDF000-memory.dmp

Filesize
4.9MB

Download
memory/2596-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2596-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2596-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2596-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2596-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2596-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download