dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491

Analysis

max time kernel
88s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 21:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491.exe
Size

265KB
MD5

0e8101f4f68fe3b422f2289c0c042a41
SHA1

0cc7271e45e3f3266aa952d1af26db07c0b008c3
SHA256

dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491
SHA512

0eb712da816a9c4d07adb6536b217e66b9e454ade15b5d7ec88495f4a2212e2c83fe71f9789cb0299ce39af0f88cfdd541aa99d1e89533ba104a2d857cf25b09
SSDEEP

6144:rTAgeIrBpEZL02vIMoIelJLxHnsYj9vwkXEwPbk40TQ0PnETMFqr2:PAgeIrBKOA9yxHtj9Xz10TnPnIMF

Score

8^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1804	apocalyps32.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1804-140-0x0000000040010000-0x000000004004C000-memory.dmp	upx

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\apocalyps32.exe	dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491.exe
File created	C:\Windows\apocalyps32.exe	apocalyps32.exe
File created	C:\Windows\apocalyps32.exe	dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 1804	4752	dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491.exe	84
PID 4752 wrote to memory of 1804	4752	dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491.exe	84
PID 4752 wrote to memory of 1804	4752	dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491.exe	84
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85
PID 1804 wrote to memory of 3732	1804	apocalyps32.exe	85

C:\Users\Admin\AppData\Local\Temp\dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491.exe
"C:\Users\Admin\AppData\Local\Temp\dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Windows\apocalyps32.exe
  -bs
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
    3⤵
    PID:3732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\apocalyps32.exe

Filesize
265KB

MD5
0e8101f4f68fe3b422f2289c0c042a41

SHA1
0cc7271e45e3f3266aa952d1af26db07c0b008c3

SHA256
dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491

SHA512
0eb712da816a9c4d07adb6536b217e66b9e454ade15b5d7ec88495f4a2212e2c83fe71f9789cb0299ce39af0f88cfdd541aa99d1e89533ba104a2d857cf25b09

Download Submit
C:\Windows\apocalyps32.exe

Filesize
265KB

MD5
0e8101f4f68fe3b422f2289c0c042a41

SHA1
0cc7271e45e3f3266aa952d1af26db07c0b008c3

SHA256
dcb119f468a2976f45b5e428792480d839ccdcc9b77af2c3b2aa764abf851491

SHA512
0eb712da816a9c4d07adb6536b217e66b9e454ade15b5d7ec88495f4a2212e2c83fe71f9789cb0299ce39af0f88cfdd541aa99d1e89533ba104a2d857cf25b09

Download Submit
memory/1804-137-0x00000000005B0000-0x00000000005EE000-memory.dmp

Filesize
248KB

Download
memory/1804-138-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/1804-140-0x0000000040010000-0x000000004004C000-memory.dmp

Filesize
240KB

Download
memory/1804-143-0x00000000005B0000-0x00000000005EE000-memory.dmp

Filesize
248KB

Download
memory/1804-144-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4752-135-0x0000000000400000-0x000000000046C000-memory.dmp

Filesize
432KB

Download
memory/4752-136-0x0000000000730000-0x000000000076E000-memory.dmp

Filesize
248KB

Download