f0062067c120a8f25766476d9155dbfb0a76845a395b24b810bca895b110f735

Analysis

max time kernel
38s
max time network
40s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 19:36

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

0dfde1a4c8f38abc290a7e4ad757edea.exe
Size

1.6MB
MD5

0dfde1a4c8f38abc290a7e4ad757edea
SHA1

a267435dd6ed2994325bf13f88710e48088b0a31
SHA256

f0062067c120a8f25766476d9155dbfb0a76845a395b24b810bca895b110f735
SHA512

47c479981b786201eaceed43fbb382135c038067eb1495d431ea3ea712f99e2e32dc23cbbfa34b8a47d09b500fc6b817f7d6b4ba01918d2b745a83e353382d07
SSDEEP

49152:YzP7qZDJfRuuDO3AWHGqB8NNOyeDrmQ0w13:YsuIwmvNNE/50w13

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2236-22-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-45-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-67-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-65-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-63-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-61-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-59-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-57-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-55-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-53-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-51-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-49-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-47-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-43-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-41-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-39-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-37-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-35-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-33-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-31-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-29-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-27-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-26-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-25-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-23-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-17-0x0000000010000000-0x000000001003D000-memory.dmp	upx
behavioral1/memory/2236-70-0x0000000010000000-0x000000001003D000-memory.dmp	upx

Kills process with taskkill 26 IoCs

evasion

pid	Process
284	taskkill.exe
2900	taskkill.exe
2660	taskkill.exe
548	taskkill.exe
2476	taskkill.exe
1916	taskkill.exe
3032	taskkill.exe
2104	taskkill.exe
1268	taskkill.exe
1144	taskkill.exe
1280	taskkill.exe
1468	taskkill.exe
2812	taskkill.exe
1520	taskkill.exe
1056	taskkill.exe
688	taskkill.exe
560	taskkill.exe
2656	taskkill.exe
2212	taskkill.exe
3048	taskkill.exe
3036	taskkill.exe
2904	taskkill.exe
2452	taskkill.exe
2760	taskkill.exe
2536	taskkill.exe
2780	taskkill.exe

C:\Users\Admin\AppData\Local\Temp\0dfde1a4c8f38abc290a7e4ad757edea.exe
"C:\Users\Admin\AppData\Local\Temp\0dfde1a4c8f38abc290a7e4ad757edea.exe"
1⤵
PID:2332
- C:\Users\Admin\AppData\Local\Temp\°×½ð°æ.exe
  C:\Users\Admin\AppData\Local\Temp\°×½ð°æ.exe
  2⤵
  PID:2236
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im 360tray.exe
    3⤵
    - Kills process with taskkill
    PID:2104
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kavsvc.exe
    3⤵
    - Kills process with taskkill
    PID:3036
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im 360tray.exe
    3⤵
    - Kills process with taskkill
    PID:1520
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im VsTskMgr.exe
    3⤵
    - Kills process with taskkill
    PID:1056
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Mcshield.exe
    3⤵
    - Kills process with taskkill
    PID:560
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Ravmon.exe
    3⤵
    - Kills process with taskkill
    PID:688
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Rav.exe
    3⤵
    - Kills process with taskkill
    PID:548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im KVXP.kxp
    3⤵
    - Kills process with taskkill
    PID:2536
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im VsTskMgr.exe
    3⤵
    - Kills process with taskkill
    PID:2904
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Mcshield.exe
    3⤵
    - Kills process with taskkill
    PID:1268
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Ravmon.exe
    3⤵
    - Kills process with taskkill
    PID:2476
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Rav.exe
    3⤵
    - Kills process with taskkill
    PID:1280
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im KVXP.kxp
    3⤵
    - Kills process with taskkill
    PID:2452
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im kavsvc.exe
    3⤵
    - Kills process with taskkill
    PID:1468
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im 360tray.exe
    3⤵
    - Kills process with taskkill
    PID:1144
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im VsTskMgr.exe
    3⤵
    - Kills process with taskkill
    PID:2212
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Mcshield.exe
    3⤵
    - Kills process with taskkill
    PID:3048
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Ravmon.exe
    3⤵
    - Kills process with taskkill
    PID:1916
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Rav.exe
    3⤵
    - Kills process with taskkill
    PID:284
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im KVXP.kxp
    3⤵
    - Kills process with taskkill
    PID:3032
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im 360tray.exe
    3⤵
    - Kills process with taskkill
    PID:2656
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im VsTskMgr.exe
    3⤵
    - Kills process with taskkill
    PID:2812
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Mcshield.exe
    3⤵
    - Kills process with taskkill
    PID:2900
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Ravmon.exe
    3⤵
    - Kills process with taskkill
    PID:2780
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im Rav.exe
    3⤵
    - Kills process with taskkill
    PID:2760
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im 360tray.exe
    3⤵
    - Kills process with taskkill
    PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\°×½ð°æ.exe

Filesize
44KB

MD5
11ded4f145c70e87e49f427b4edbce3b

SHA1
4f398f690f41420d62caaa77a156cf0e7c9d5863

SHA256
b1458674a62afb60f0c1a827ba6808842b77c3bf9c33f661e279ae906acebd63

SHA512
61f0cef4c8456ea7532df819bc0f1951231a8d3dfbbf31d9fcc8c49e1bd8a22594510e33d32643d04b4b0b1727f63e8465f6269c0479cc38862f4e0e63c20b9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\°×½ð°æ.exe

Filesize
36KB

MD5
dd672d68a152be352fc6d1ed485bccfa

SHA1
b6b461bd886c74210c9ea4afb722e52bfbd52fdd

SHA256
4568afe53bab2ea773d771582f057b79a6f7daaaa7c5a7379fab4be5a3a6f257

SHA512
fda02dd2ca16d5dac97c9b3f29bfa6cde86286645daad1a9f7b37df8425a1eefd7371ec5c1f14ec2b669b85ae824a398da2b0facc7a016ca479b47ae7ca3ee2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\°×½ð°æ.exe

Filesize
15KB

MD5
ead561da6f2b6aedff2ab2eaecc726af

SHA1
5ac215507cc032bbbfc06aa8f31cd5b8233790d6

SHA256
8c90014025780b410163a2abf19129b1d57d569db507d1a5d9fae5958bd864e0

SHA512
d390439522ec225af31f586d8fa8ac792868e8989e1c8d720a54b2ceafe8f7d0703fe871db4e2cc51d4752233d0274b48911d4e74197a1b9ceda1f58e93e66da

Download Submit
\Users\Admin\AppData\Local\Temp\°×½ð°æ.exe

Filesize
38KB

MD5
9a69090fd5fcf75551a0aab5bd9f7882

SHA1
e380709821dee071b773b29e82fd069c2ff59ca0

SHA256
8886ae33c57e8ed9fa34c23e1ff9a876d47ac40e730a7ae57c5eb1d58f542d71

SHA512
00e8f5f175a4cd8502fc540a0c8d28aca08b326eaa11a32edf19368a182101a98182f2e0d1b6491702324a6c76c8f4f5d56ddc92006000bf44cfa2a376180ee9

Download Submit
\Users\Admin\AppData\Local\Temp\°×½ð°æ.exe

Filesize
72KB

MD5
d9fe99c3f7345676b3d2262dd648fd78

SHA1
d6a935c166bdec4394cafea1b5247cc9ec4b0b9f

SHA256
5d70808b2eb0dd50dc1019e759ff5058ebaeae4076b90a74b6c6ce07d7bb5f2b

SHA512
cd987a917719082b5469372c03c4856a67998c36aa0c71c0529077fdcd7efdbafce3951b1afb23cb8bd6441acd58f310fbfc2d1ed33c0275e4213476e6ebfc0b

Download Submit
\Users\Admin\AppData\Local\Temp\°×½ð°æ.exe

Filesize
25KB

MD5
7559fd746ef8d987b4ac9bf99632a265

SHA1
a3acc23ce2307144ee5592de39d2175cc8b3d714

SHA256
f7923c2c8ee10b52ca6836b2b9529283e5fa6f931182c65d9e80e5aefe131b19

SHA512
bd04a9625fd3367c4f1bfeb94a3168d116d3284c8c8fc02be210e248edf1415f378ef4c392a38801e10075577e75ef18f24e29d235894a39c3f0f03e60009361

Download Submit
\Users\Admin\AppData\Local\Temp\°×½ð°æ.exe

Filesize
8KB

MD5
37647947baf7cb48656825fcb81ae3e7

SHA1
ad68c03fdc3346c3dc5c749c310765e84f82f805

SHA256
62ff7b16ce19fbde7b93f0be254a247dc4a20d9b5b9cc253a6e2a5db1fff9642

SHA512
447c8af29e862357934ff11a5ef52dff632be72256219079898729166ee39d182d75195c2d55f4a9fb1c999d07ffdf5bbf1954ca438bd6c255366b6f6404f89a

Download Submit
\Users\Admin\AppData\Local\Temp\°×½ð°æ.exe

Filesize
31KB

MD5
e3013f21f8f3952f70ce4f7c4285f74e

SHA1
55528877b7cbb93d47e4ba00bdf5fec74878ec78

SHA256
831844917ffab13291c7274c04c526b602a8950c196ccf0e0d03901dbb292df7

SHA512
c0a43bcbba549bf6ac4a157f97ee58a80ee61bc5d429d366854d48d7dacc9087d6390ecb7195a1c229d37a09eb0c321c815a0be911a69263466a948b9e60d858

Download Submit
memory/2236-37-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-31-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-63-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-61-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-59-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-57-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-55-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-53-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-51-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-49-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-47-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-43-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-41-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-39-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-67-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-35-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-33-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-65-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-29-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-27-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-26-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-25-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-23-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-21-0x00000000003D0000-0x00000000003D2000-memory.dmp

Filesize
8KB

Download
memory/2236-17-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-70-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-45-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-24-0x0000000000D00000-0x0000000001158000-memory.dmp

Filesize
4.3MB

Download
memory/2236-22-0x0000000010000000-0x000000001003D000-memory.dmp

Filesize
244KB

Download
memory/2236-20-0x0000000000D00000-0x0000000001158000-memory.dmp

Filesize
4.3MB

Download
memory/2236-18-0x0000000000D00000-0x0000000001158000-memory.dmp

Filesize
4.3MB

Download
memory/2236-16-0x0000000000400000-0x0000000000858000-memory.dmp

Filesize
4.3MB

Download
memory/2236-69-0x0000000000400000-0x0000000000858000-memory.dmp

Filesize
4.3MB

Download
memory/2236-68-0x0000000000400000-0x0000000000858000-memory.dmp

Filesize
4.3MB

Download
memory/2332-15-0x0000000003A60000-0x0000000003EB8000-memory.dmp

Filesize
4.3MB

Download
memory/2332-14-0x0000000003A60000-0x0000000003EB8000-memory.dmp

Filesize
4.3MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads