338fd831f6ef2966fa7a0cf3738d4238f32873ff3f8945f362da7ca2dc9d5988

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a9d11140551f2f5e423f898c1d5c123.exe
Size

2.7MB
MD5

8a9d11140551f2f5e423f898c1d5c123
SHA1

11fa75d6004d94c80096f8095592aed71044c34f
SHA256

338fd831f6ef2966fa7a0cf3738d4238f32873ff3f8945f362da7ca2dc9d5988
SHA512

75f5b81bced85901b074234e29b6b7f80158d391f8ff3cfaae4f2873edcbc7215d64dba229aecf90a1deed9b9c8c8dc959024a327346d1be12d321ba4646d48a
SSDEEP

49152:OcqXBi2eamdH1dcIS1/tBNHMyrpehP61R92pnfodBmVSeiWujuJPcrSwGSa9R9j:GXsT/2N1xvpQP61HAnCBpeUj7SwGSKHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1948	8a9d11140551f2f5e423f898c1d5c123.exe

Executes dropped EXE 1 IoCs

pid	Process
1948	8a9d11140551f2f5e423f898c1d5c123.exe

Loads dropped DLL 1 IoCs

pid	Process
1848	8a9d11140551f2f5e423f898c1d5c123.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1848-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/memory/1948-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b0000000126e7-13.dat	upx
behavioral1/files/0x000b0000000126e7-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1848	8a9d11140551f2f5e423f898c1d5c123.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1848	8a9d11140551f2f5e423f898c1d5c123.exe
1948	8a9d11140551f2f5e423f898c1d5c123.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 1948	1848	8a9d11140551f2f5e423f898c1d5c123.exe	28
PID 1848 wrote to memory of 1948	1848	8a9d11140551f2f5e423f898c1d5c123.exe	28
PID 1848 wrote to memory of 1948	1848	8a9d11140551f2f5e423f898c1d5c123.exe	28
PID 1848 wrote to memory of 1948	1848	8a9d11140551f2f5e423f898c1d5c123.exe	28

C:\Users\Admin\AppData\Local\Temp\8a9d11140551f2f5e423f898c1d5c123.exe
"C:\Users\Admin\AppData\Local\Temp\8a9d11140551f2f5e423f898c1d5c123.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Users\Admin\AppData\Local\Temp\8a9d11140551f2f5e423f898c1d5c123.exe
  C:\Users\Admin\AppData\Local\Temp\8a9d11140551f2f5e423f898c1d5c123.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8a9d11140551f2f5e423f898c1d5c123.exe

Filesize
375KB

MD5
9826b5e7c14522ec03c5de7b509561ff

SHA1
db7ccaebc8323b93d3cc5f2e155a9c5fa98adfed

SHA256
89535d12757a8020b12419e9e15abbd7c189e67e81ddff84489f11c9ece28c88

SHA512
91abdc4e89a0e696a876439c3eaf1dff661a90da55c65a177facf2e898775777873ecc97de9033cacd7fafe1adcf2c23b27e3f47e7dc7e17df79b6b3f154aec6

Download Submit
\Users\Admin\AppData\Local\Temp\8a9d11140551f2f5e423f898c1d5c123.exe

Filesize
320KB

MD5
874953d7e3280025f662e9a3f3e617cf

SHA1
51f6972b79aea02105d3fcddca6715747a388501

SHA256
b9a8290813bc66b6d5ee286af03e495dbb5ed5edf72dd38f1c6dfee9d26b35ab

SHA512
fd8774acf2cd2cdd627e27970748eed9d7d59e9c60d778eb4ab4f8207ca96b77a3a6439f3a56160f2b58b1c1c66fb1ee743dfba7710f55c9c1a4d1993f2c4998

Download Submit
memory/1848-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1848-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1848-15-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/1848-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1848-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1848-31-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/1948-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1948-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1948-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1948-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1948-26-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/1948-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download