bc67ecedbad5173af79c0cdf57295cabf63032c24a4a5fefb842ca573bf4b783

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

220a064f8506702ef9d9e829ebdf5d8b.exe
Size

1.3MB
MD5

220a064f8506702ef9d9e829ebdf5d8b
SHA1

caddf738eb2e439a981e5729de16cfdc41a30988
SHA256

bc67ecedbad5173af79c0cdf57295cabf63032c24a4a5fefb842ca573bf4b783
SHA512

2d3044bafd34dc60d1359bb50688f6b9ec2ef2adfa252e147f69462e4b3556c00ee711bca5b610d434dc45b49f28025476125d78841b5738bc3fdf2b8dab21a8
SSDEEP

24576:zqxuUkJNx4lRehW9fgU00ED3bEn/5QISvu6dmJoMxCNKcjBUMmoKvPm+HxU9/9Us:+4UkJN+lR0W9fTgCxQzNdDMxajB6m+He

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2272	220a064f8506702ef9d9e829ebdf5d8b.exe

Executes dropped EXE 1 IoCs

pid	Process
2272	220a064f8506702ef9d9e829ebdf5d8b.exe

Loads dropped DLL 1 IoCs

pid	Process
1352	220a064f8506702ef9d9e829ebdf5d8b.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1352-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012256-10.dat	upx
behavioral1/files/0x000a000000012256-15.dat	upx
behavioral1/memory/1352-14-0x0000000003590000-0x0000000003A77000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1352	220a064f8506702ef9d9e829ebdf5d8b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1352	220a064f8506702ef9d9e829ebdf5d8b.exe
2272	220a064f8506702ef9d9e829ebdf5d8b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 2272	1352	220a064f8506702ef9d9e829ebdf5d8b.exe	28
PID 1352 wrote to memory of 2272	1352	220a064f8506702ef9d9e829ebdf5d8b.exe	28
PID 1352 wrote to memory of 2272	1352	220a064f8506702ef9d9e829ebdf5d8b.exe	28
PID 1352 wrote to memory of 2272	1352	220a064f8506702ef9d9e829ebdf5d8b.exe	28

C:\Users\Admin\AppData\Local\Temp\220a064f8506702ef9d9e829ebdf5d8b.exe
"C:\Users\Admin\AppData\Local\Temp\220a064f8506702ef9d9e829ebdf5d8b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\220a064f8506702ef9d9e829ebdf5d8b.exe
  C:\Users\Admin\AppData\Local\Temp\220a064f8506702ef9d9e829ebdf5d8b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2272

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\220a064f8506702ef9d9e829ebdf5d8b.exe

Filesize
260KB

MD5
a03ecd14886fd1dbf985b5e1c91bd61b

SHA1
2e4e0c2482de8f8ce842fbca5a52b450c7b5f92d

SHA256
13ec0b11181c03564c6e2a0b13b3d260cff814ae666bdfd66b3684c81402a408

SHA512
30bd22f1af5d0db33b53e442e84c78bdfc8953c750c802aef1d1cc0da683132fb49bec8221973a272cce442555317cec8e99ae311fdb0c1cde4eed57aa21404b

Download Submit
\Users\Admin\AppData\Local\Temp\220a064f8506702ef9d9e829ebdf5d8b.exe

Filesize
412KB

MD5
678aa27ed39ea3eec3830a7801be5042

SHA1
b1ddc78d37b08420f9e69107a54cbe59171e8194

SHA256
72af660dd6267692463687fdd16c1f1742d780d1b5a7dde31db027bd8efa6fb4

SHA512
acf3d59893b68e0cfe3ec53448fd57d919a332b041e1cfb8f4f27b05f69dc1dacdd990453fcda105e58b113fe78039ae8a8788da70860791cb83167555caa485

Download Submit
memory/1352-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1352-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1352-1-0x0000000000250000-0x0000000000381000-memory.dmp

Filesize
1.2MB

Download
memory/1352-14-0x0000000003590000-0x0000000003A77000-memory.dmp

Filesize
4.9MB

Download
memory/1352-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1352-33-0x0000000003590000-0x0000000003A77000-memory.dmp

Filesize
4.9MB

Download
memory/2272-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2272-18-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2272-20-0x00000000002B0000-0x00000000003E1000-memory.dmp

Filesize
1.2MB

Download
memory/2272-24-0x00000000032B0000-0x00000000034D2000-memory.dmp

Filesize
2.1MB

Download
memory/2272-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2272-34-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download