0c3b80cd7bec1494f0037af8e8eafa5114960440b1b7e984ebad839b144f4768

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:33

Target

1382bddb8d6dc7d3e6cb047855c0618b.exe
Size

518KB
MD5

1382bddb8d6dc7d3e6cb047855c0618b
SHA1

94a097eb68185666856fb9dd43150921605c9283
SHA256

0c3b80cd7bec1494f0037af8e8eafa5114960440b1b7e984ebad839b144f4768
SHA512

3471b7ecaf1a8b592d8df2e8706ddd38d3f15d51d9e61f2252aa06a591e4ad9e650ecd91777863716027232ac769d8ac4d350d3c7d75abe4a11060bea42eff33
SSDEEP

12288:s2xx1R2vSMQO3Q/YxXKee5HjzkW74TcIr+Y5p/j8HLPvjHev:s2vMQr/YWB54TjqApLGf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2392	cmd.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1040-0-0x0000000000400000-0x0000000000510000-memory.dmp	upx
behavioral1/memory/1040-9-0x0000000000400000-0x0000000000510000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\vccr.zip	1382bddb8d6dc7d3e6cb047855c0618b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 2392	1040	1382bddb8d6dc7d3e6cb047855c0618b.exe	29
PID 1040 wrote to memory of 2392	1040	1382bddb8d6dc7d3e6cb047855c0618b.exe	29
PID 1040 wrote to memory of 2392	1040	1382bddb8d6dc7d3e6cb047855c0618b.exe	29
PID 1040 wrote to memory of 2392	1040	1382bddb8d6dc7d3e6cb047855c0618b.exe	29

C:\Users\Admin\AppData\Local\Temp\1382bddb8d6dc7d3e6cb047855c0618b.exe
"C:\Users\Admin\AppData\Local\Temp\1382bddb8d6dc7d3e6cb047855c0618b.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\597900.bat
  2⤵
  - Deletes itself
  PID:2392

C:\Users\Admin\AppData\Local\Temp\597900.bat

Filesize
228B

MD5
afebd97d3e088facd616b90a9d3e27e1

SHA1
9542167788d68c7f7a0088d261c687a89001fd42

SHA256
57268ad99f5eaa4257111a53ce98e81bc1a01f61f5b6bad473e84562efa4d05a

SHA512
c38c2457859295a414e9d6b57940e8f241a43ab1b2db29652e2fcaa9839be83c8cba49de77c44c7d04d1f4280eee2c57b41fbec3f82e16e292212aae9e93c65e

Download Submit
memory/1040-0-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download
memory/1040-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1040-9-0x0000000000400000-0x0000000000510000-memory.dmp

Filesize
1.1MB

Download