5f2da5e7e86cb023afbfdabf84ca7eac61c90debb6ec22f527dbf4d30dfe7042

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

026c8b3ca9f6fa84f7c38dca706c2366.exe
Size

1.3MB
MD5

026c8b3ca9f6fa84f7c38dca706c2366
SHA1

e975304605c31d1a7003f5cc46d3cb88786c7da5
SHA256

5f2da5e7e86cb023afbfdabf84ca7eac61c90debb6ec22f527dbf4d30dfe7042
SHA512

caa5fa71776592f77a7b2cfdc298eec5b621cc0cbfa620b20e180de79b6e8dc81ea33a96d5d5bd84e25dc8e4add97d5e0d3561435f4f2b1955c1a8fca0054029
SSDEEP

24576:pxcW7lQEcqu2pv+hja0yEOrOcc2/FUd3JIsagKxeLI+ajGz6QpBSKjbZtTBLvG:pFcqu2pv+hTCOd2/FUd5ItgMeLI+Qeu4

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1800	026c8b3ca9f6fa84f7c38dca706c2366.exe

Executes dropped EXE 1 IoCs

pid	Process
1800	026c8b3ca9f6fa84f7c38dca706c2366.exe

Loads dropped DLL 1 IoCs

pid	Process
1396	026c8b3ca9f6fa84f7c38dca706c2366.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1396-1-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a00000001225b-11.dat	upx
behavioral1/files/0x000a00000001225b-14.dat	upx
behavioral1/memory/1396-16-0x00000000033F0000-0x000000000385A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1396	026c8b3ca9f6fa84f7c38dca706c2366.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1396	026c8b3ca9f6fa84f7c38dca706c2366.exe
1800	026c8b3ca9f6fa84f7c38dca706c2366.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 1800	1396	026c8b3ca9f6fa84f7c38dca706c2366.exe	28
PID 1396 wrote to memory of 1800	1396	026c8b3ca9f6fa84f7c38dca706c2366.exe	28
PID 1396 wrote to memory of 1800	1396	026c8b3ca9f6fa84f7c38dca706c2366.exe	28
PID 1396 wrote to memory of 1800	1396	026c8b3ca9f6fa84f7c38dca706c2366.exe	28

C:\Users\Admin\AppData\Local\Temp\026c8b3ca9f6fa84f7c38dca706c2366.exe
"C:\Users\Admin\AppData\Local\Temp\026c8b3ca9f6fa84f7c38dca706c2366.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Users\Admin\AppData\Local\Temp\026c8b3ca9f6fa84f7c38dca706c2366.exe
  C:\Users\Admin\AppData\Local\Temp\026c8b3ca9f6fa84f7c38dca706c2366.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\026c8b3ca9f6fa84f7c38dca706c2366.exe

Filesize
372KB

MD5
a706eda93400a13927b8904c567d8d0f

SHA1
eae19290e878162968fd683ad9139152432cd7e5

SHA256
8c39168139776b452d4ae4a2d2fa83970a48cf4111e1f88be02376cd4b9b135e

SHA512
cd2c99d219528ba62d66e91b654ac1167d84b280e84bda3b1adb98337dca1aab4dc183be041fbec61cc9bdb6d606a8dc32ae4d04d26da60e56a06c58f52010f4

Download Submit
\Users\Admin\AppData\Local\Temp\026c8b3ca9f6fa84f7c38dca706c2366.exe

Filesize
636KB

MD5
7467cd9ce607e84e467162f79e638d4b

SHA1
23c0a9af3524d29d064d28767359c64d042cec3e

SHA256
799e67da2816fbb438adec974412e4231031bf01b32af2158955d959203be9aa

SHA512
32c2f0a4cd4271c1bc4741682d48d3c0e807f899e4a49d19ac934b3adf0f061ce824e1c228d6ac58609e8185d4ebb09d866a39c29befe1001f97e399876b33c1

Download Submit
memory/1396-0-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1396-1-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1396-3-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1396-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1396-16-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/1396-26-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/1800-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1800-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1800-21-0x0000000000250000-0x0000000000362000-memory.dmp

Filesize
1.1MB

Download
memory/1800-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download