fb4049f1cbf38c779ee6dd169995f5b52e3f0fbbecdf91cc1988c7a874a22f20

Analysis

max time kernel
121s
max time network
156s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c837b8f6ca68ee32e0e7916a5731846.exe
Size

2.9MB
MD5

0c837b8f6ca68ee32e0e7916a5731846
SHA1

c139c7163f9fc39775d6b93e5aea8164e084cea8
SHA256

fb4049f1cbf38c779ee6dd169995f5b52e3f0fbbecdf91cc1988c7a874a22f20
SHA512

a9da09fa311a1d41f74a12e42fdaf0e4059fb4ad31edf374681c2b7c74f76ca374d696dd2c9adbcf5b6054c71a37b774e869ce35383277fde949a5f9c2d5949f
SSDEEP

49152:HD+tyDbS07WDZfbRET0C5g0pvpDMYFepN74NH5HUyNRcUsCVOzetdZJ:HDNbe1c0CmSpDMX4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2396	0c837b8f6ca68ee32e0e7916a5731846.exe

Executes dropped EXE 1 IoCs

pid	Process
2396	0c837b8f6ca68ee32e0e7916a5731846.exe

Loads dropped DLL 1 IoCs

pid	Process
1076	0c837b8f6ca68ee32e0e7916a5731846.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1076-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012257-14.dat	upx
behavioral1/files/0x000a000000012257-10.dat	upx
behavioral1/memory/2396-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1076	0c837b8f6ca68ee32e0e7916a5731846.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1076	0c837b8f6ca68ee32e0e7916a5731846.exe
2396	0c837b8f6ca68ee32e0e7916a5731846.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 2396	1076	0c837b8f6ca68ee32e0e7916a5731846.exe	28
PID 1076 wrote to memory of 2396	1076	0c837b8f6ca68ee32e0e7916a5731846.exe	28
PID 1076 wrote to memory of 2396	1076	0c837b8f6ca68ee32e0e7916a5731846.exe	28
PID 1076 wrote to memory of 2396	1076	0c837b8f6ca68ee32e0e7916a5731846.exe	28

C:\Users\Admin\AppData\Local\Temp\0c837b8f6ca68ee32e0e7916a5731846.exe
"C:\Users\Admin\AppData\Local\Temp\0c837b8f6ca68ee32e0e7916a5731846.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Users\Admin\AppData\Local\Temp\0c837b8f6ca68ee32e0e7916a5731846.exe
  C:\Users\Admin\AppData\Local\Temp\0c837b8f6ca68ee32e0e7916a5731846.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0c837b8f6ca68ee32e0e7916a5731846.exe

Filesize
186KB

MD5
e2d009d017cadaed90cabb5f814416c3

SHA1
338318cd9692e80a4e2659b8e7813a904256c60c

SHA256
a317926efdb91e4910b8d126b50e81d26c398ac3aa7844f9aad10a739694afb8

SHA512
ed31e6dd58944c6044f5f49d58cb06d050699b4e07a5e27135eaf283f31dd5fd266f2831185a84ca3568dcc8d41a316d92245df16e473cd20249a6f2b184fb32

Download Submit
\Users\Admin\AppData\Local\Temp\0c837b8f6ca68ee32e0e7916a5731846.exe

Filesize
344KB

MD5
0ffb74a335936c30cb51695034900868

SHA1
da31ef0263f8f21955a09ed0dc343aaab043fe93

SHA256
1de678f96911d06d4f9f1b410e26522e7528c7c00cb5ac263c95874e06871b24

SHA512
0e19bd694ba56372d1bc3b3220021b1dff15f383108169bd12924b64c5d07a4b1f0edbf0d3485511412768a37a74c85eba7b2217413b83fa00c5804e3a3eddeb

Download Submit
memory/1076-15-0x00000000038E0000-0x0000000003DCF000-memory.dmp

Filesize
4.9MB

Download
memory/1076-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1076-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1076-2-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/1076-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2396-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2396-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2396-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2396-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2396-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2396-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download