e1999be21a2a9ea34886bac057ff95492abee2d52d0bf75029d24e877918bddb

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-11-2024 15:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RustBypass.exe
Size

75.4MB
MD5

91e4e0fa83452af2bf5aad90289f1ef9
SHA1

9e97b506aa9f5e3cc06c87ba63acc2ac56d43cfe
SHA256

e1999be21a2a9ea34886bac057ff95492abee2d52d0bf75029d24e877918bddb
SHA512

dc0c188cf8302097b9ea0578000dba4dfc96b17b89f7c498c27a592107313ac71107f1173a6cd029fe502977e3c8f5a9d3fb0202ef762d76fb4f1852d989d12f
SSDEEP

1572864:p1lLWboSk8IpG7V+VPhqqxE7LlhpBB8iYweyJulZUdgP75oCizwvJZH1O3:p1BaoSkB05awqeLpnNpur7GC0+rO3

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 10 IoCs

pid	Process
1208	RustBypass.exe
1208	RustBypass.exe
1208	RustBypass.exe
1208	RustBypass.exe
1208	RustBypass.exe
1208	RustBypass.exe
1208	RustBypass.exe
1208	RustBypass.exe
1208	RustBypass.exe
1208	RustBypass.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020b27-1322.dat	upx
behavioral1/memory/1208-1324-0x000007FEF5F00000-0x000007FEF65C5000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 1208	2848	RustBypass.exe	31
PID 2848 wrote to memory of 1208	2848	RustBypass.exe	31
PID 2848 wrote to memory of 1208	2848	RustBypass.exe	31

C:\Users\Admin\AppData\Local\Temp\RustBypass.exe
"C:\Users\Admin\AppData\Local\Temp\RustBypass.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\RustBypass.exe
  "C:\Users\Admin\AppData\Local\Temp\RustBypass.exe"
  2⤵
  - Loads dropped DLL
  PID:1208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI28482\api-ms-win-core-fibers-l1-1-1.dll

Filesize
21KB

MD5
a9eb4528cfb8b68a8019cf042a432be0

SHA1
a09167d41663e5fe9a2aef9a961ebb74b5c36a7e

SHA256
6599741ffe12d3e90ef2b456b64cee90425ff995bc0d1c3cd9c754ddba6697ae

SHA512
c70396bbe2cbb56ec4515bc6ab10256e9128c06a1259ac1aaf581b8d5774cab2556ca918279bb3f253cc7c6c3f257fc88c9f7de7e372aaa43b3f16f2f34a14d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28482\api-ms-win-core-file-l2-1-0.dll

Filesize
21KB

MD5
1af89d885b7ae99c8606ade0526b47b3

SHA1
db2500d74a091a3ecc85f0782cc6762e5b4aa4cf

SHA256
1d2f1efefd0a802190f0257aac7e1589d08ffbaea550c561c69c1827e57b55e7

SHA512
9b770986ef15fd3f0a2023765a56ca6b3d89a5d6f34163b52c109ffbc277f514517e0706a77efbe491ad4b47e6bb80579c5c7140e3f1d741978a82ab7723d633

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28482\api-ms-win-core-kernel32-legacy-l1-1-1.dll

Filesize
21KB

MD5
44817e9ccab999e546df2aacd7af48fd

SHA1
36216e38e32f49bc8108ba1ef8be42da57c9c49f

SHA256
82bb3c053e3c8f4ed9127d3a4d0d5bea73d13b98a023073ea0f039ca96405c09

SHA512
d951c3a72cd298bb4891bfceade2ebaca3e4c6b22d16210dbfca41aaee233c69bbf3d7e1c4d8d00819bf3944bb808d6a8e8daa784f48382b2698134162ac21ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28482\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
e9dcf789b4bccfd612137d47194ab7c6

SHA1
54fd5eaed44762187460cf59559c5cf3394d1277

SHA256
2fb638be18863ef6077fef2b7f4ebda92527b8e19d2e5b39eba27b3bf96a7fed

SHA512
2c2740468567ec8f95f365205c9ee7ca17a32ad59ea699193fc10a64354987e43ca4285f5200bdf07658d5c82aa0d2cb074939f4ab8df397ae2ab842156dbea8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28482\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
7a72e6619c6dd2ac57c461de31c1cc42

SHA1
242e392b352117aaa3e018eed2c41786a91bfd93

SHA256
5a3d41a750d1d6714232448193e57ab7d8fd718ba9cec24c7afc71f69886dae3

SHA512
2687faf7e8fabfd786e7b0befc8a2d2009948d20e630e2fa2897090941823aa24399175074ff4bb12ef10958226666873e8d789bdb347cbe18cb83601fe3b209

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28482\api-ms-win-core-sysinfo-l1-2-0.dll

Filesize
21KB

MD5
6fdd07a52f1197307a96fe6644ea132b

SHA1
965d65ac8816cf866c981579139a8767a901624b

SHA256
da65cf54767305c74eaf35e39ac8b7ff472c2df5e22a84e4fc465e2448d2fea3

SHA512
57d29c796ce098834dad1b140bf811f499f10edd3a903fefc88757b20e3fe639f71b8bb112de2baac302810a6b4878eac4f23a2869ddf0e5917f28673c515bef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28482\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
d0a90686aebdcd4cb6e6afa53c314da4

SHA1
6151b1ad3ee45e5a4d06f95077b72e264b5eba86

SHA256
9dae313de05c31ab6583545323e422dd1bdaec4aa26e81cbea0d5b69b632fd0c

SHA512
8e78be56c0d73e991c378de357567587d1c96f74beea34b4ceeb39de617f6824ef85ee3f77af1ae8d0a5ef4a205cbbb83dbf8d6fd218c199116c14cd67f5cdff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28482\python312.dll

Filesize
1.7MB

MD5
71070618402c15a2fad5ca70c9ef7297

SHA1
34fedbf17a57010c5cd20ef4e690616859cc8e68

SHA256
7d35a191edb95ccd85ef05d645deeca3ed1febd9acd659569fab56ae06c1ebdf

SHA512
81ef8749f5c3dbd586ddbbcf26cd6c80607a5cc9c26e31c912f454ca56013082174e2012a507739ec1e9c5a2f019bf0ca6bd3ce18880abdbff0ba5f8f3cbbf28

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28482\ucrtbase.dll

Filesize
1.3MB

MD5
1c5c8447d570e0eceefc9f3f92c008da

SHA1
a198c2897e6a1c5745e2ef7f508541dc21675ad4

SHA256
d404dc9aa843d53d7e276dd078b2cac8d7aa905e2838a1fe8385278e19ba3810

SHA512
a1dd080b57a6339cbc66c9abaecc0a59315b9dfe843176267b10a8324b8eb15e0f2c856c7de938d3405905dadc36d75f0ad3ad67d8aff5caa42ceda889c07607

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI28482\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
c0ca315df1be9c3027d71663dbefe3e1

SHA1
55f68cb7c4f7f9795edd83f7d10b80795a645ec0

SHA256
1b384401b534ca9a61dce7f51c8d54b9eabb625f86569bf09e449be5724c6ca0

SHA512
c27c225bfe720af18dc116163a3b84a47c9afe5b03044c8ba3d913352c7de08f87c8f776ced8ea9836eeded0e27b836a079a24622d2e4861b988dc3a3f07942b

Download Submit
memory/1208-1324-0x000007FEF5F00000-0x000007FEF65C5000-memory.dmp

Filesize
6.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads