ed316f8dccff26b50533e0ebf86ee6792e5257bbd01a660733f7ec11be538d30

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 12:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8ac626ce1a63b7b5cc2bf55b7467f4bb.exe
Size

1.5MB
MD5

8ac626ce1a63b7b5cc2bf55b7467f4bb
SHA1

f2c9c94ad6e0610f42eb7720cec9596d8cee9bf8
SHA256

ed316f8dccff26b50533e0ebf86ee6792e5257bbd01a660733f7ec11be538d30
SHA512

ac61d7a39c9bb858c360580672873dfaf7b0cd70b60c46ce664e8a5f095d259bf1c33c25d7dc2b798067b8f87352260f6f12c16298e07b845124bb257dec46bd
SSDEEP

24576:vQJ45dmKJXUkQMaaNZxU2D8JWkjJMZ2nCSXuZ7XXoV5diuRucdkqW:UodLBEa7C22zJMZwvuZEBiuRuwV

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2876	8ac626ce1a63b7b5cc2bf55b7467f4bb.exe

Executes dropped EXE 1 IoCs

pid	Process
2876	8ac626ce1a63b7b5cc2bf55b7467f4bb.exe

Loads dropped DLL 1 IoCs

pid	Process
3000	8ac626ce1a63b7b5cc2bf55b7467f4bb.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3000-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000000e610-13.dat	upx
behavioral1/files/0x000b00000000e610-12.dat	upx
behavioral1/files/0x000b00000000e610-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3000	8ac626ce1a63b7b5cc2bf55b7467f4bb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3000	8ac626ce1a63b7b5cc2bf55b7467f4bb.exe
2876	8ac626ce1a63b7b5cc2bf55b7467f4bb.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 2876	3000	8ac626ce1a63b7b5cc2bf55b7467f4bb.exe	28
PID 3000 wrote to memory of 2876	3000	8ac626ce1a63b7b5cc2bf55b7467f4bb.exe	28
PID 3000 wrote to memory of 2876	3000	8ac626ce1a63b7b5cc2bf55b7467f4bb.exe	28
PID 3000 wrote to memory of 2876	3000	8ac626ce1a63b7b5cc2bf55b7467f4bb.exe	28

C:\Users\Admin\AppData\Local\Temp\8ac626ce1a63b7b5cc2bf55b7467f4bb.exe
"C:\Users\Admin\AppData\Local\Temp\8ac626ce1a63b7b5cc2bf55b7467f4bb.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Users\Admin\AppData\Local\Temp\8ac626ce1a63b7b5cc2bf55b7467f4bb.exe
  C:\Users\Admin\AppData\Local\Temp\8ac626ce1a63b7b5cc2bf55b7467f4bb.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2876

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8ac626ce1a63b7b5cc2bf55b7467f4bb.exe

Filesize
273KB

MD5
9325e0c902d09c4c6d8e481f6a91cae6

SHA1
d4791780f251ad884bacba79ed5fe9cb4ca3834c

SHA256
c0dfe16a2828f10b57927500df3c7460aa630558b36ae481d81fe73ff68911b1

SHA512
3fb00cea21308ce67f7e04f3ad24811038a59edb8ee44490e6146e64df42e2d14e65095652ec64a8f18e24dca1ffba7714f8785d68a1ffcdfaf04ed310b029e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\8ac626ce1a63b7b5cc2bf55b7467f4bb.exe

Filesize
290KB

MD5
6bb61c80f02839895337f6e227c19f41

SHA1
6135453dac678ebdf53f23a86ea459b944fff38d

SHA256
ded4685c25a06f4b9f939a61a0215b1029033defeaebdab017b88031c54efe20

SHA512
a4c777d8f1809517fcd5632c3f11250706496665a70e65d842d68fe0f573896a284038a6195b98e47eeaf190b09055c97d6a94bc1f8696ceed117e60b46807ba

Download Submit
\Users\Admin\AppData\Local\Temp\8ac626ce1a63b7b5cc2bf55b7467f4bb.exe

Filesize
265KB

MD5
858ea2c0eddb56b6e0ebbee547acaaa5

SHA1
96e579a1d1041cded33e22bb6cb0fdedddd69c97

SHA256
77224d867d7e48ea1d003eb6eed44a717eabc97467ef29ac76cd4199a0382d27

SHA512
09e2c0b14e39b95a411dceb266591042b142ef1ea4169ab90de3b14cf335d6016261ae31373dbcd39fc7917174e5c864f25402ef6517119301cfe196bfaeea73

Download Submit
memory/2876-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2876-15-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2876-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2876-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2876-23-0x00000000032D0000-0x00000000034FA000-memory.dmp

Filesize
2.2MB

Download
memory/2876-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3000-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3000-3-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/3000-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3000-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download