1d8108975b6a3a84eae8ade2c0cc1b7bb85d22b3fd99156dfaf641ab397179e9

Analysis

max time kernel
122s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8322fd4b3fc93f6779777f95a6cb04cc.exe
Size

5.3MB
MD5

8322fd4b3fc93f6779777f95a6cb04cc
SHA1

17535634a3e5420224d1ea9590ce5db03b9d8e9f
SHA256

1d8108975b6a3a84eae8ade2c0cc1b7bb85d22b3fd99156dfaf641ab397179e9
SHA512

16ba9e482775efbc98ffe4e2a04b9d9a97d76380a622193fe15a1a7748f00e1b1325b89d9b1a8d3f84919953453dba4fbf67fdf22bfe60efc474740367d73298
SSDEEP

98304:hUh/q2N4dUPxljvMeK/xxNmJs9ElpYq0T/LEr60jvMeK/xxNmJs9Ef:hQqmiU/MeK/x9cOq0zM6iMeK/x94

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3052	8322fd4b3fc93f6779777f95a6cb04cc.exe

Executes dropped EXE 1 IoCs

pid	Process
3052	8322fd4b3fc93f6779777f95a6cb04cc.exe

Loads dropped DLL 1 IoCs

pid	Process
1152	8322fd4b3fc93f6779777f95a6cb04cc.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1152-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012252-10.dat	upx
behavioral1/files/0x000b000000012252-15.dat	upx
behavioral1/memory/3052-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1152	8322fd4b3fc93f6779777f95a6cb04cc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1152	8322fd4b3fc93f6779777f95a6cb04cc.exe
3052	8322fd4b3fc93f6779777f95a6cb04cc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 3052	1152	8322fd4b3fc93f6779777f95a6cb04cc.exe	28
PID 1152 wrote to memory of 3052	1152	8322fd4b3fc93f6779777f95a6cb04cc.exe	28
PID 1152 wrote to memory of 3052	1152	8322fd4b3fc93f6779777f95a6cb04cc.exe	28
PID 1152 wrote to memory of 3052	1152	8322fd4b3fc93f6779777f95a6cb04cc.exe	28

C:\Users\Admin\AppData\Local\Temp\8322fd4b3fc93f6779777f95a6cb04cc.exe
"C:\Users\Admin\AppData\Local\Temp\8322fd4b3fc93f6779777f95a6cb04cc.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Users\Admin\AppData\Local\Temp\8322fd4b3fc93f6779777f95a6cb04cc.exe
  C:\Users\Admin\AppData\Local\Temp\8322fd4b3fc93f6779777f95a6cb04cc.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8322fd4b3fc93f6779777f95a6cb04cc.exe

Filesize
88KB

MD5
7610020bb64a186c3536b88e2a47bf74

SHA1
3204612caf4170a84b19b32760787d8f81f9e8be

SHA256
dd1db19f45cace6b99f436d50942cf6a2997baa1688fc8569735bd3f535c3760

SHA512
c213a2e4ca39703bd8316d95907a21ca2829ed31b31498e584e75c1d2a97cd8dc7094b2037145d3034f906eb3bb30b50528d5424b42f97d29f1df45592713405

Download Submit
\Users\Admin\AppData\Local\Temp\8322fd4b3fc93f6779777f95a6cb04cc.exe

Filesize
176KB

MD5
3cf57a4b198f3116ea47acf7b2257432

SHA1
8f6a43bf0dffa2b752bb04c23b6cb08266900660

SHA256
6cf757515ced7d2e3aaa2a828c60ae414faedae85f729e2d4a4f57231d4a8b98

SHA512
3ac569401aa1063282e5e71ce45d3bface986ecc23a28fbb2b4eaafb149be771557674ebdb9a122c888fd06a806b22f43102d0d357461bebe3981ecc8b6aeda6

Download Submit
memory/1152-13-0x0000000003CD0000-0x00000000041BF000-memory.dmp

Filesize
4.9MB

Download
memory/1152-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1152-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1152-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1152-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1152-31-0x0000000003CD0000-0x00000000041BF000-memory.dmp

Filesize
4.9MB

Download
memory/3052-19-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/3052-25-0x0000000003500000-0x000000000372A000-memory.dmp

Filesize
2.2MB

Download
memory/3052-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3052-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3052-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3052-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download