1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06

Analysis

max time kernel
9s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06.exe
Size

106KB
MD5

61dbef74adaaa72089d6c2c4fb116d60
SHA1

a81dc53d9a23221c69785e88ca9716d930321ce9
SHA256

1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06
SHA512

da3eb848e4cabd898a15f03345400c48d5ec4ee8665175efc60278098e3d10772a5aee48cec7d13f2612d1b5c8d537faf6a422b961ac111a9ceb43050465106b
SSDEEP

1536:NayvRUVU3NDhANtSedolQT7MSbxNrCZD3o6tlqDygwfpJ5UiTA4MyvW833e1WtUp:keCeFhAb7NrP9ytfpDUGv9HDUi015v

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
972	apocalyps32.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/240-55-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral1/files/0x000e0000000054a8-57.dat	upx
behavioral1/memory/240-58-0x0000000000400000-0x0000000000427000-memory.dmp	upx
behavioral1/files/0x000e0000000054a8-60.dat	upx
behavioral1/memory/972-62-0x0000000040010000-0x000000004004B000-memory.dmp	upx
behavioral1/memory/972-65-0x0000000000400000-0x0000000000427000-memory.dmp	upx

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\apocalyps32.exe	1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06.exe
File opened for modification	C:\Windows\apocalyps32.exe	1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06.exe
File created	C:\Windows\apocalyps32.exe	apocalyps32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 240 wrote to memory of 972	240	1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06.exe	28
PID 240 wrote to memory of 972	240	1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06.exe	28
PID 240 wrote to memory of 972	240	1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06.exe	28
PID 240 wrote to memory of 972	240	1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06.exe	28
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29
PID 972 wrote to memory of 1360	972	apocalyps32.exe	29

C:\Users\Admin\AppData\Local\Temp\1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06.exe
"C:\Users\Admin\AppData\Local\Temp\1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:240
- C:\Windows\apocalyps32.exe
  -bs
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:972
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\apocalyps32.exe

Filesize
106KB

MD5
61dbef74adaaa72089d6c2c4fb116d60

SHA1
a81dc53d9a23221c69785e88ca9716d930321ce9

SHA256
1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06

SHA512
da3eb848e4cabd898a15f03345400c48d5ec4ee8665175efc60278098e3d10772a5aee48cec7d13f2612d1b5c8d537faf6a422b961ac111a9ceb43050465106b

Download Submit
C:\Windows\apocalyps32.exe

Filesize
106KB

MD5
61dbef74adaaa72089d6c2c4fb116d60

SHA1
a81dc53d9a23221c69785e88ca9716d930321ce9

SHA256
1c600c4ba397ebb4eea3f3878c0c75d3d46e0e109f84e6b62403d20b7f9e1a06

SHA512
da3eb848e4cabd898a15f03345400c48d5ec4ee8665175efc60278098e3d10772a5aee48cec7d13f2612d1b5c8d537faf6a422b961ac111a9ceb43050465106b

Download Submit
memory/240-54-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download
memory/240-55-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/240-58-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/972-62-0x0000000040010000-0x000000004004B000-memory.dmp

Filesize
236KB

Download
memory/972-65-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download