abc014f0330c86bbb2c05540d3eff028eb56b951e994de8eb6fca45c81e03908

Analysis

max time kernel
120s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 08:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

608cc11f1d8c2103ba82c8d55fea9e4b.exe
Size

1.5MB
MD5

608cc11f1d8c2103ba82c8d55fea9e4b
SHA1

f3f07a17fc5ee9ffae807c021e5a28060a0829de
SHA256

abc014f0330c86bbb2c05540d3eff028eb56b951e994de8eb6fca45c81e03908
SHA512

b87af993c527cd88232a256d7812e5ce43f583aced6315ad79fdab20468f82a44c8710128b74194df226769d6aba9fcdcb6237fdd0309177d68295c98c06fdbf
SSDEEP

24576:GSS7HCFi6tywvmkDRrAsKaBgi0AE4AJ3+FHyLZfHq/2ycttdKQ30pa0W:GS4irgw+0+hqgSJAWHAZieBcSk9

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2792	608cc11f1d8c2103ba82c8d55fea9e4b.exe

Executes dropped EXE 1 IoCs

pid	Process
2792	608cc11f1d8c2103ba82c8d55fea9e4b.exe

Loads dropped DLL 1 IoCs

pid	Process
2376	608cc11f1d8c2103ba82c8d55fea9e4b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2376-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000900000001222c-10.dat	upx
behavioral1/files/0x000900000001222c-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2376	608cc11f1d8c2103ba82c8d55fea9e4b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2376	608cc11f1d8c2103ba82c8d55fea9e4b.exe
2792	608cc11f1d8c2103ba82c8d55fea9e4b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2792	2376	608cc11f1d8c2103ba82c8d55fea9e4b.exe	27
PID 2376 wrote to memory of 2792	2376	608cc11f1d8c2103ba82c8d55fea9e4b.exe	27
PID 2376 wrote to memory of 2792	2376	608cc11f1d8c2103ba82c8d55fea9e4b.exe	27
PID 2376 wrote to memory of 2792	2376	608cc11f1d8c2103ba82c8d55fea9e4b.exe	27

C:\Users\Admin\AppData\Local\Temp\608cc11f1d8c2103ba82c8d55fea9e4b.exe
"C:\Users\Admin\AppData\Local\Temp\608cc11f1d8c2103ba82c8d55fea9e4b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Users\Admin\AppData\Local\Temp\608cc11f1d8c2103ba82c8d55fea9e4b.exe
  C:\Users\Admin\AppData\Local\Temp\608cc11f1d8c2103ba82c8d55fea9e4b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\608cc11f1d8c2103ba82c8d55fea9e4b.exe

Filesize
375KB

MD5
a33ab07af1d14ae4190827314c518d9d

SHA1
60d298e6b72e87b82dc437aaa207b250f5659930

SHA256
8bde388dc6ee9d4060f7950b0f3bbfdee29a5cfe9849944c3002df3d2bfb6fb9

SHA512
ca75ae29c6b3d82a52102a9407eafc55e17d6100be246446ba50641a887b5e5ccbaa7e8649d125219b0e97ed94e6cb2b097ec214d71e6c8accbedf9cdb42529c

Download Submit
\Users\Admin\AppData\Local\Temp\608cc11f1d8c2103ba82c8d55fea9e4b.exe

Filesize
321KB

MD5
b5aa8c453c7bfa47a9837bdba9bda24c

SHA1
685108d0f9d5d58265c84f8b5ac933adf26d6639

SHA256
ce2d115cfc9b48e51ae23732e72853c7e074cd1f5c074ce961f8d447e50a2964

SHA512
83bec45e7f303bfac0af7fa00c0be3bc7fb8e9c0a94280c92bdfd968e0e54803c55f18ef23337fe88ae9b81a650f9c11ff10740d36635f8b2d3464cc61d3039d

Download Submit
memory/2376-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2376-2-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2376-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2376-14-0x00000000035E0000-0x0000000003ACF000-memory.dmp

Filesize
4.9MB

Download
memory/2376-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2792-24-0x00000000034C0000-0x00000000036EA000-memory.dmp

Filesize
2.2MB

Download
memory/2792-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2792-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2792-19-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2792-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2792-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download