18057df306473592945254ad0454d27fba6e4e142109e789d885d399c73c84fb

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5b42d9f83652fcd8b398fa1650869d3.exe
Size

2.7MB
MD5

d5b42d9f83652fcd8b398fa1650869d3
SHA1

8eeecda89e26ff0011701c5acc0c5c28189f7c17
SHA256

18057df306473592945254ad0454d27fba6e4e142109e789d885d399c73c84fb
SHA512

03452a51c644713a5e2ed2ea8acfd850181d41615e5cb7468c15db37c8079d4e0a91c151bbee1992a4bc79fc802e05623488b7ed9266fda03bea05d019c701cf
SSDEEP

49152:cgnT8k6kZ5lzDen2B3P7My8hLR9DwqUvhYFe6SxTQOQKW7JHQ2y6yTOcdxUvs+Rt:RTvZbOip8hLHDwzvhH6SRVQKW1wGExUn

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2904	d5b42d9f83652fcd8b398fa1650869d3.exe

Executes dropped EXE 1 IoCs

pid	Process
2904	d5b42d9f83652fcd8b398fa1650869d3.exe

Loads dropped DLL 1 IoCs

pid	Process
3024	d5b42d9f83652fcd8b398fa1650869d3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3024-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b00000001224e-13.dat	upx
behavioral1/files/0x000b00000001224e-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3024	d5b42d9f83652fcd8b398fa1650869d3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3024	d5b42d9f83652fcd8b398fa1650869d3.exe
2904	d5b42d9f83652fcd8b398fa1650869d3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2904	3024	d5b42d9f83652fcd8b398fa1650869d3.exe	28
PID 3024 wrote to memory of 2904	3024	d5b42d9f83652fcd8b398fa1650869d3.exe	28
PID 3024 wrote to memory of 2904	3024	d5b42d9f83652fcd8b398fa1650869d3.exe	28
PID 3024 wrote to memory of 2904	3024	d5b42d9f83652fcd8b398fa1650869d3.exe	28

C:\Users\Admin\AppData\Local\Temp\d5b42d9f83652fcd8b398fa1650869d3.exe
"C:\Users\Admin\AppData\Local\Temp\d5b42d9f83652fcd8b398fa1650869d3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Users\Admin\AppData\Local\Temp\d5b42d9f83652fcd8b398fa1650869d3.exe
  C:\Users\Admin\AppData\Local\Temp\d5b42d9f83652fcd8b398fa1650869d3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d5b42d9f83652fcd8b398fa1650869d3.exe

Filesize
1.9MB

MD5
41c412e1c6c59a52a284a240b2a19bbb

SHA1
876ec9c3c896bfe079322f2abc7a8936f0eea2a1

SHA256
ce10df3051add9c489c05f5d94d422fb3d677b19ee0d40bf760834c03e2ad27f

SHA512
b17ba579b679a002b3c6fd63a8fb42aa74ddc19e3ed356c6a151b48f289741df9da8f9a65dca0b98d980b1810d59019579663b01d85936193e05f76b53eebc13

Download Submit
\Users\Admin\AppData\Local\Temp\d5b42d9f83652fcd8b398fa1650869d3.exe

Filesize
2.1MB

MD5
66d2d7cdf9c23e6aa7217331d41442e9

SHA1
5ce9e016194e2e3af30e07d0d6082986ec3a3533

SHA256
bff8cf444140f55598bbc9be1bfc766ed7d375b4ad4c9d022b57b271b6126eb9

SHA512
c7811974447927f6e775258a2f0d327fd9a760eb53e6a66fd828149bf59e3b4ffeb64096417aeeec33bcb1aa58c7aabf88d034badb910a11065efeebda42e7e4

Download Submit
memory/2904-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2904-18-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2904-20-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2904-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2904-25-0x0000000003410000-0x0000000003632000-memory.dmp

Filesize
2.1MB

Download
memory/2904-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3024-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3024-2-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/3024-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3024-15-0x00000000038B0000-0x0000000003D97000-memory.dmp

Filesize
4.9MB

Download
memory/3024-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3024-31-0x00000000038B0000-0x0000000003D97000-memory.dmp

Filesize
4.9MB

Download