9ed8ff7fd2ab2c2532cf23f6fc2e2745debf955482abd0b785342ebe1a86798c

Analysis

max time kernel
1s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ed8ff7fd2ab2c2532cf23f6fc2e2745debf955482abd0b785342ebe1a86798c.exe
Size

255KB
MD5

80eac3530070b2fdd724d5c64b2ee6dc
SHA1

ff01b00245f4117b2189f595726f50c80e70d4f5
SHA256

9ed8ff7fd2ab2c2532cf23f6fc2e2745debf955482abd0b785342ebe1a86798c
SHA512

3ffeabf65f4d7d879892344ba3bb64da5c92761e33bae03c5e0acc5c243d7c166fc060347d06d097e74c0ee179c2316b5ba85eedea238cae162f577a7f9dfc70
SSDEEP

3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJK:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIj

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c0000000054a8-55.dat	upx
behavioral1/memory/1948-56-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral1/memory/1948-57-0x0000000002360000-0x0000000002400000-memory.dmp	upx
behavioral1/files/0x000c0000000054a8-59.dat	upx
behavioral1/files/0x000b000000012346-62.dat	upx
behavioral1/files/0x00080000000126f1-68.dat	upx
behavioral1/files/0x000b000000012346-70.dat	upx
behavioral1/files/0x00080000000126f1-74.dat	upx
behavioral1/files/0x0007000000012721-76.dat	upx
behavioral1/files/0x0007000000012721-73.dat	upx
behavioral1/files/0x00080000000126f1-79.dat	upx
behavioral1/files/0x00080000000126f1-77.dat	upx
behavioral1/files/0x0007000000012721-71.dat	upx
behavioral1/files/0x00080000000126f1-66.dat	upx
behavioral1/files/0x000b000000012346-64.dat	upx
behavioral1/files/0x000c0000000054a8-61.dat	upx
behavioral1/memory/1768-84-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral1/memory/1948-89-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral1/memory/332-87-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral1/memory/1664-85-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral1/memory/1424-83-0x0000000000400000-0x00000000004A0000-memory.dmp	upx
behavioral1/memory/1944-81-0x0000000000400000-0x00000000004A0000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\9ed8ff7fd2ab2c2532cf23f6fc2e2745debf955482abd0b785342ebe1a86798c.exe
"C:\Users\Admin\AppData\Local\Temp\9ed8ff7fd2ab2c2532cf23f6fc2e2745debf955482abd0b785342ebe1a86798c.exe"
1⤵
PID:1948
- C:\Windows\SysWOW64\fuzejtmtot.exe
  fuzejtmtot.exe
  2⤵
  PID:1944
- - C:\Windows\SysWOW64\bcgzusaz.exe
    C:\Windows\system32\bcgzusaz.exe
    3⤵
    PID:332
- C:\Windows\SysWOW64\jmadnorwpdxfq.exe
  jmadnorwpdxfq.exe
  2⤵
  PID:1664
- C:\Windows\SysWOW64\bcgzusaz.exe
  bcgzusaz.exe
  2⤵
  PID:1768
- C:\Windows\SysWOW64\ilxkyzeltwsewbf.exe
  ilxkyzeltwsewbf.exe
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
  "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Windows\mydoc.rtf"
  2⤵
  PID:1164

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\bcgzusaz.exe

Filesize
17KB

MD5
9f9b7dc004708bb45309e6b5b8e682ed

SHA1
6471271502def1f1c2744059270352a8d931a999

SHA256
54a9cc1d12d09d1cab09c37b2262ab652d622b627ab8ab43b5a4a43cc2bd8d8c

SHA512
b85869390ad0a235072f72acfa108fed26e1bf2f921364f9de405876b80f375037bd685582d09e7073220e3ee152ff0d378d09476c357038f4fad93d435a5045

Download Submit
C:\Windows\SysWOW64\bcgzusaz.exe

Filesize
48KB

MD5
0880fe25100b0e682a5bfc5c1b12ad95

SHA1
ab8e32c792a7cf89463f8d7d338af3ed9b0b645e

SHA256
0e5908911f9977e6f21da487bfdf7b8ac6bd232cf10feaa551780c5392838f23

SHA512
735ddbd7caee457082108cdd12f8534cf45f3af399275bbcfe8019ec02351fbeb8bf5b9095234eba53df1ad7e7cdc036e346e73d1a91e9dfeb042cd0578c6017

Download Submit
C:\Windows\SysWOW64\bcgzusaz.exe

Filesize
34KB

MD5
80b9a7619e02d93d10f6afaf16cd0995

SHA1
3eb25a5d4b68d8412868b65f21066f805ee82a20

SHA256
d9268d0a34ebb04b541ad2018154136e453aeebba1b18085104d31bc5fa8609e

SHA512
330608584fe07867321881dd2655b149390767b3be65c8d9a58caaddcc9db9c4b5023592bddf288338ea003bb7153d1421a8031ee53d9c13bf26d5dee37e9f4c

Download Submit
C:\Windows\SysWOW64\fuzejtmtot.exe

Filesize
43KB

MD5
f67ff3d6a2d2779e17e8f393c4666cd3

SHA1
d218d7d9c85a9456112a9bf92c1a6f6a14e1082a

SHA256
3e00b71a60d86cef129fb0b3cc238a73e57f1512d4dfc66b9823bf988fdce22b

SHA512
8758a9cdeb80235b8b24542a107a213ba71949640e65d6cc8188cd345f6f5284fbcfa72fc10a956736a96ad260142540fe0a5ac5ee32ea3f89a39f1e59e739de

Download Submit
C:\Windows\SysWOW64\fuzejtmtot.exe

Filesize
37KB

MD5
482073c611cd7666c4b59d3c4400d301

SHA1
a1183e28a2785bc806e1f034122a956859123446

SHA256
2c81289d278ca31b7bdefcc0aecb5efb5f68b4775699c0c95f24df2e5a69c7c0

SHA512
422549eb44bea980fc52cb94dd029234e78b4c5636a99e6b7a0b853b7cfa74e5bfed35b0bb7c4c7654e5ea1bdd5575b511bdb5e01265bec0300cf6b5e2b1102c

Download Submit
C:\Windows\SysWOW64\ilxkyzeltwsewbf.exe

Filesize
38KB

MD5
7a5062e5666c1a275764c789148a688e

SHA1
62c3be9231bf3c8df4d2edbcd65c84a5f2ffb370

SHA256
d487cb9559df0b4cc6b93f80012d82f1ac19afa2c66522b11be391dfb5f4ad31

SHA512
ab03e9ca4bf9f74cf283ebf4b02c4651483e993942bbfad4597fb6458046ed7aafa8dd8c64f8a9b6ef5a4db5afdf84530f345dbd9fe65a1cbc08de068b1228d8

Download Submit
C:\Windows\SysWOW64\ilxkyzeltwsewbf.exe

Filesize
29KB

MD5
5a8289a94292aa502d51582496c09aba

SHA1
5d766ce3bf2187471c847106de34583590cdd9a6

SHA256
7ba6f55ee38e5dac55bad482ced2fd9387c582e39681f1e04ad20eaba3f7ff44

SHA512
a4a3e0788197aede58e0d6e4a7574924989881d8e9e6a4f2372597f0479aa3d6c128045e727762c06dfa44cb55cfaca1601f38d75e7fd10e6ef08540b74be391

Download Submit
C:\Windows\SysWOW64\jmadnorwpdxfq.exe

Filesize
50KB

MD5
61ca7685e9dc38a8fe4ddfaf83eb765b

SHA1
22c45494fdbeadf0abcd1400af90a3b7e3d32a5e

SHA256
7ccace25eb921e5da6888e7ca6d37a35e627d5cc5dc42b2ee377954a5d6a8aef

SHA512
3d88c09481ae14dcf4873116a8d53e2bf25c311eaf44c957fd16555da4f5c2c34fb9ae22193e65044d2c376f178896cc5d53fd2df0e7317a7c7b38e64c973413

Download Submit
C:\Windows\SysWOW64\jmadnorwpdxfq.exe

Filesize
32KB

MD5
3d9dc5f76be50d82695ef85e8456a55d

SHA1
9e47861630a3b18ba622a0506a9d8a14b9d172fa

SHA256
54752c4f9dec46c9e931cd1d96c206a3a4d90b03355e577b3c912d76d734c204

SHA512
b313cd81eb0352285413b77cf88be02021035d3af42dfb234e0adc0f6f31dad5ab4eb409e083537a31c4cb52b37c28c3dbf3320559c72c720c9fb48d0e54ecce

Download Submit
\Windows\SysWOW64\bcgzusaz.exe

Filesize
53KB

MD5
3e606a9d722b9451d089b8b44128034d

SHA1
6c039595cfce490c3dcc38d0f7536c0e051618d9

SHA256
83406a00fb7aa55a4ee6682fa6af22f5353dee576174c27fd7943952bd33c3f9

SHA512
ec648590da6afe6b60c56fe634866b3b42da3e5ffcb7fc0d0e36c29548be4076848a7bb4cd61a0af455a5ab08a7e9d9084ee5b09f936394b4f2c9abe1bea50c6

Download Submit
\Windows\SysWOW64\bcgzusaz.exe

Filesize
41KB

MD5
572e3572b81e5500d98201f458f4fbb4

SHA1
98816c8243a3168fa1dacd5f986188f7e561de5f

SHA256
219235896d137c77949f22c40e9e8faa6b342b5e7626a95d493a2108e7b49637

SHA512
de63a1cbcd638bc59b9c2a9b7cf8b8b421c1d6952d7368932df977232a9d281f6d9b923a7c61d975fd734b784741304ea616e31a6fb672be46cd4c543fcd2013

Download Submit
\Windows\SysWOW64\fuzejtmtot.exe

Filesize
255KB

MD5
80ca83da236b87f9388ad5f5d3588594

SHA1
a8984881df8226f78e8afaead125a34a71dff26a

SHA256
d85fbed47d098ffa5e811a239bb25d2a4a2cf9eb498e23ffc17fba9ffb21f898

SHA512
483f5f5bae8b082ea41a84761fa6272051e007ae46958704e408d3843e5a9f5a1271d194ff21de7c26ae8fcb9aae271309697cba0724473437084267bc05496c

Download Submit
\Windows\SysWOW64\ilxkyzeltwsewbf.exe

Filesize
48KB

MD5
4f698f1c347651073f734f02d7e2b3c3

SHA1
051011c857d6945797ab7c67f8074469f242778a

SHA256
287ac0947f49811f6695c868c68cd65fcb50aabf1d081efc05e000925abcaf74

SHA512
51c96be951597fb3933979d880d7ff427f805e74841fa696e2a61ed34b3fad87687059179a106eac2277ead4599a62dc3e16096ca48e0baac639e9190a1fa64e

Download Submit
\Windows\SysWOW64\jmadnorwpdxfq.exe

Filesize
32KB

MD5
89d0c1b8f3c738c776c7a77bf8b67dff

SHA1
f1b780163fe594adfdc9506aa93e78dfac003e1c

SHA256
40859846ad2d003e4694695e617e4921d209acc572d5af653c84ba2deafc98d3

SHA512
bddb0d7c2888e99c02e7c42e5eed11162e68209615c4f0b0d1a85abf76c37b6035edbfab727f167a993a1a11b329a0b49bb970851a44edcf214b66c75f62f9eb

Download Submit
memory/332-87-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1164-92-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1164-91-0x000000006FE51000-0x000000006FE53000-memory.dmp

Filesize
8KB

Download
memory/1164-90-0x00000000723D1000-0x00000000723D4000-memory.dmp

Filesize
12KB

Download
memory/1424-83-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1664-85-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1768-84-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1944-81-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1944-86-0x0000000003CF0000-0x0000000003D90000-memory.dmp

Filesize
640KB

Download
memory/1948-57-0x0000000002360000-0x0000000002400000-memory.dmp

Filesize
640KB

Download
memory/1948-89-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1948-82-0x0000000002360000-0x0000000002400000-memory.dmp

Filesize
640KB

Download
memory/1948-56-0x0000000000400000-0x00000000004A0000-memory.dmp

Filesize
640KB

Download
memory/1948-54-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads