9b726eaea828875a76edecdb76563e57c16e5302cf7cf7983baa058915b8fa97

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08a9d37ad87d7f5f0048e3cb26436a5c.exe
Size

1010KB
MD5

08a9d37ad87d7f5f0048e3cb26436a5c
SHA1

9f47aa53901735f012409618ab57a08a026f2b93
SHA256

9b726eaea828875a76edecdb76563e57c16e5302cf7cf7983baa058915b8fa97
SHA512

35aca76060c41fe5373325b6bb1574ff3b856eaafdd423b41541b09fc698b443b6c12ed1e7b8d8115d174dfaa4da735d0430ed2b0281bc5ff61bbd4fee65ad90
SSDEEP

12288:9yBqSDUCa48MZUP+YTfmQOohSdgSH1KTAOPBo3+zHYTfm:kD4ehmfBhShH1EAemf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2304	08a9d37ad87d7f5f0048e3cb26436a5c.exe

Executes dropped EXE 1 IoCs

pid	Process
2304	08a9d37ad87d7f5f0048e3cb26436a5c.exe

Loads dropped DLL 1 IoCs

pid	Process
1948	08a9d37ad87d7f5f0048e3cb26436a5c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1948-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/files/0x0009000000012251-14.dat	upx
behavioral1/files/0x0009000000012251-12.dat	upx
behavioral1/files/0x0009000000012251-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1948	08a9d37ad87d7f5f0048e3cb26436a5c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1948	08a9d37ad87d7f5f0048e3cb26436a5c.exe
2304	08a9d37ad87d7f5f0048e3cb26436a5c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2304	1948	08a9d37ad87d7f5f0048e3cb26436a5c.exe	14
PID 1948 wrote to memory of 2304	1948	08a9d37ad87d7f5f0048e3cb26436a5c.exe	14
PID 1948 wrote to memory of 2304	1948	08a9d37ad87d7f5f0048e3cb26436a5c.exe	14
PID 1948 wrote to memory of 2304	1948	08a9d37ad87d7f5f0048e3cb26436a5c.exe	14

C:\Users\Admin\AppData\Local\Temp\08a9d37ad87d7f5f0048e3cb26436a5c.exe
C:\Users\Admin\AppData\Local\Temp\08a9d37ad87d7f5f0048e3cb26436a5c.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2304

C:\Users\Admin\AppData\Local\Temp\08a9d37ad87d7f5f0048e3cb26436a5c.exe
"C:\Users\Admin\AppData\Local\Temp\08a9d37ad87d7f5f0048e3cb26436a5c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\08a9d37ad87d7f5f0048e3cb26436a5c.exe

Filesize
28KB

MD5
6eabdce988ef65720e6b334996dc89fd

SHA1
58dbb7ad4c1559429e964a8ed8b30484548a67c1

SHA256
e939a70c2b2d6689bd5cc8fce6415115189eed30f0dbfad8c27c56783e3d9ec8

SHA512
a559c2f2107aa85b094afe6f52d821a5291492df1b8efad6d0c37da9ed14b173285d5324a49fe0dad89cf52b07e198eefb2f12d15ebd3558077370a13d1960fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\08a9d37ad87d7f5f0048e3cb26436a5c.exe

Filesize
17KB

MD5
806c0633462340618a4804a7eb0d13b5

SHA1
425458770cd89b922d6f9b564e77598fc3ee9ff3

SHA256
e8d16d3d406d54a9c89560d8f2ecb9fa1465d24ae382f47d688a4f61d20cb0a0

SHA512
dac17e30952237be3d1e584394029254e8966832ec4a58a3a63458a34082c565fdc637b14a0f69a8ca81231cf31e2e8f658a17081e833ed16ce561cc4e10ac63

Download Submit
\Users\Admin\AppData\Local\Temp\08a9d37ad87d7f5f0048e3cb26436a5c.exe

Filesize
20KB

MD5
00c2723c16f0cf17e2a3ac8e80b92c64

SHA1
92b73a505f98980790e65e5edcacd76d7366ed7b

SHA256
1a4ac316ee850ee64d27c4eb9475046e14bd6ac7bdd3cda0ff6733070b9df374

SHA512
3753cb8c7585afffa72663ce1ef3ca3d3fb0342898813ca6016859e843e45d5e3ae113ebaec4ee0d3801aba0021723788e921b3b16fe30aefd7239972d5dea31

Download Submit
memory/1948-15-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1948-6-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/1948-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/1948-1-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2304-23-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2304-16-0x0000000000220000-0x0000000000253000-memory.dmp

Filesize
204KB

Download
memory/2304-17-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2304-18-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2304-29-0x00000000002A0000-0x00000000002F0000-memory.dmp

Filesize
320KB

Download
memory/2304-30-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download