8cab6e5b1e80089818b7910dce4306421061e96b207b58a9ba5f69a969feb97a

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6807aecf09c666a03dd2d99887de2ea3.exe
Size

10.1MB
MD5

6807aecf09c666a03dd2d99887de2ea3
SHA1

f240ceb7c3dabc2371097b1d919f3925e968af66
SHA256

8cab6e5b1e80089818b7910dce4306421061e96b207b58a9ba5f69a969feb97a
SHA512

65013c9076bc4b7932b0a6e085d3422d56d01abc777d468b8d125d75b4ab5ce9cbf79c062114934d5173d10f64f185b27933e5b2107f2fa0baff35847943fe16
SSDEEP

196608:XOVyBjEWCCn+XMQWCOWDP3sWCCn+XMQWCi:XOABjEYc/lDP3sYc/A

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2712	6807aecf09c666a03dd2d99887de2ea3.exe

Executes dropped EXE 1 IoCs

pid	Process
2712	6807aecf09c666a03dd2d99887de2ea3.exe

Loads dropped DLL 1 IoCs

pid	Process
2888	6807aecf09c666a03dd2d99887de2ea3.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2888-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012185-10.dat	upx
behavioral1/memory/2712-15-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012185-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2888	6807aecf09c666a03dd2d99887de2ea3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2888	6807aecf09c666a03dd2d99887de2ea3.exe
2712	6807aecf09c666a03dd2d99887de2ea3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2712	2888	6807aecf09c666a03dd2d99887de2ea3.exe	28
PID 2888 wrote to memory of 2712	2888	6807aecf09c666a03dd2d99887de2ea3.exe	28
PID 2888 wrote to memory of 2712	2888	6807aecf09c666a03dd2d99887de2ea3.exe	28
PID 2888 wrote to memory of 2712	2888	6807aecf09c666a03dd2d99887de2ea3.exe	28

C:\Users\Admin\AppData\Local\Temp\6807aecf09c666a03dd2d99887de2ea3.exe
"C:\Users\Admin\AppData\Local\Temp\6807aecf09c666a03dd2d99887de2ea3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Users\Admin\AppData\Local\Temp\6807aecf09c666a03dd2d99887de2ea3.exe
  C:\Users\Admin\AppData\Local\Temp\6807aecf09c666a03dd2d99887de2ea3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6807aecf09c666a03dd2d99887de2ea3.exe

Filesize
10.1MB

MD5
e87afaf098c5682d418772f536d4b344

SHA1
116d14ac6c4a7b053c1dc1f7cbce5d3865dae63d

SHA256
e3c19028989abfa77eb9df3958b62c5d883d8c5a8554bbe141074768b42d8189

SHA512
a1738863b7ef429c90522f2d9344836efec7e87f699bc1c360da5bc713c677e6f97d57385d4b3a788ee43d83fb24de0954842b24c7426a3c126aeb1938a68742

Download Submit
\Users\Admin\AppData\Local\Temp\6807aecf09c666a03dd2d99887de2ea3.exe

Filesize
256KB

MD5
f244d30837d24791e2e88554a5d30751

SHA1
b96a13e14e36831ef3c79024ef5ab59b72c1a8dc

SHA256
7aae3b4128ec295405ba8308975e1600b6e09e06b61d4a34fcd2de8148120bc9

SHA512
3c5fadb92874057f64464b8465062fdfc8965680ab723a98e4e20e986f2fcc79e164e63e8862c7b68e2131939ab0d0a8c89205cd1eca45bd6a483afcabdd3131

Download Submit
memory/2712-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2712-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2712-16-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2712-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2712-23-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2712-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2888-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2888-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2888-2-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2888-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download