3c348c71da70994be75c0b316b96fc03f3598acc504ee7235b25b40783ca6530

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 04:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ecc4684d06cba8167f8b63e185fc92c.exe
Size

2.7MB
MD5

0ecc4684d06cba8167f8b63e185fc92c
SHA1

ce5ac1b45aaba4c49fffb5b5a7c2dce1966b9ebb
SHA256

3c348c71da70994be75c0b316b96fc03f3598acc504ee7235b25b40783ca6530
SHA512

417c736dd751a9b4a57edc3093115a6fab2c2512d3235da32d6a74271633607a05236c7873ca35d066ca0bd55a03d2e735dd6d45f2894fe3671c47b2724ab8e2
SSDEEP

49152:VHIWFr6jfw4TyxSddPIWcAqACt2R9aGagn/xNaI/8xSIrsRdev1xqyCWjR9j:VHvAjfwX0PH/y2Hahg/xNalSIRsWjHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2652	0ecc4684d06cba8167f8b63e185fc92c.exe

Executes dropped EXE 1 IoCs

pid	Process
2652	0ecc4684d06cba8167f8b63e185fc92c.exe

Loads dropped DLL 1 IoCs

pid	Process
812	0ecc4684d06cba8167f8b63e185fc92c.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/812-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012243-10.dat	upx
behavioral1/files/0x000a000000012243-12.dat	upx
behavioral1/files/0x000a000000012243-13.dat	upx
behavioral1/memory/2652-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
812	0ecc4684d06cba8167f8b63e185fc92c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
812	0ecc4684d06cba8167f8b63e185fc92c.exe
2652	0ecc4684d06cba8167f8b63e185fc92c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 812 wrote to memory of 2652	812	0ecc4684d06cba8167f8b63e185fc92c.exe	28
PID 812 wrote to memory of 2652	812	0ecc4684d06cba8167f8b63e185fc92c.exe	28
PID 812 wrote to memory of 2652	812	0ecc4684d06cba8167f8b63e185fc92c.exe	28
PID 812 wrote to memory of 2652	812	0ecc4684d06cba8167f8b63e185fc92c.exe	28

C:\Users\Admin\AppData\Local\Temp\0ecc4684d06cba8167f8b63e185fc92c.exe
"C:\Users\Admin\AppData\Local\Temp\0ecc4684d06cba8167f8b63e185fc92c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:812
- C:\Users\Admin\AppData\Local\Temp\0ecc4684d06cba8167f8b63e185fc92c.exe
  C:\Users\Admin\AppData\Local\Temp\0ecc4684d06cba8167f8b63e185fc92c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0ecc4684d06cba8167f8b63e185fc92c.exe

Filesize
1024KB

MD5
2f9d6a5d09ed539371ea1f4610f94835

SHA1
61a27d15ef742f44d3a2c68994ce12433b2639c7

SHA256
a6c245a93a651a91b2b3a706d423bcf667ca81a2378bf8ed4ccd7abe72cf4b8a

SHA512
2e12427001512e5f93daef6b6540ea5555d68e8435efc0109f6ba18fd12dbc60cc6de5d19b7ec39b22897dad503992bdbeac3f5da7d9253f70bf55cf081bd0d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\0ecc4684d06cba8167f8b63e185fc92c.exe

Filesize
1.5MB

MD5
847ef33943d5725ef43e6f32691d8699

SHA1
374ad5e8c4f14bcba947aaa88291e31b364e47a9

SHA256
6b17babbffdac4c02e83df94c1c3fcea0f3ad7b73eb8f795889d237df5b24a3d

SHA512
e8d3ab2bd1c694a878c2f317b2e3bf7ee4eeb11ea890771b03efc561cb4c07fe20d7f95cde7ea0a72017a45c6eab4112bf5e366e0ca20fd494277a8419fe45a9

Download Submit
\Users\Admin\AppData\Local\Temp\0ecc4684d06cba8167f8b63e185fc92c.exe

Filesize
896KB

MD5
0c6abe2949c688411f3afd7080e9845f

SHA1
b66c7f92ab1744c8345b4673885a48c57677bd4b

SHA256
024db5df69078edd7cd8632334a5a01762ecfe5719e6f7ea01ada363989ca085

SHA512
c433eea1e3af7a20145183c9fac26d58ae19d667a2a8844cfc2ed45fa8f11f9a55761f4bbefd96328a7a276aab90322d22e0ac44bde818f4742755bb1fbdf985

Download Submit
memory/812-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/812-4-0x0000000000290000-0x00000000003C1000-memory.dmp

Filesize
1.2MB

Download
memory/812-15-0x0000000003870000-0x0000000003D57000-memory.dmp

Filesize
4.9MB

Download
memory/812-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/812-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/812-31-0x0000000003870000-0x0000000003D57000-memory.dmp

Filesize
4.9MB

Download
memory/2652-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2652-17-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2652-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2652-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2652-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2652-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download