c4f8cf83ca3d2a23d4bdedc4a5063eb81f7637e773dffee5543d08e389c45478

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23ca8e865c84f53a7164c0830cb3a57a.exe
Size

3.9MB
MD5

23ca8e865c84f53a7164c0830cb3a57a
SHA1

f3470a1ab592e1c68ab751365005a845a0d6f793
SHA256

c4f8cf83ca3d2a23d4bdedc4a5063eb81f7637e773dffee5543d08e389c45478
SHA512

bec73560677576279b88cef3d57e0b9f25643cc9c5fc39f81f074e1c2dd34d5527f7025c5d62e17c385723dabb1a21d2ecaa49aaec654d1ff4c93ac0c31f749b
SSDEEP

98304:8TdJ6xF77dUzrgg3gnl/IVUt4pJWzZtIygg3gnl/IVUV:qT6xl7Axgl/iwgWttJgl/iG

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2208	23ca8e865c84f53a7164c0830cb3a57a.exe

Executes dropped EXE 1 IoCs

pid	Process
2208	23ca8e865c84f53a7164c0830cb3a57a.exe

Loads dropped DLL 1 IoCs

pid	Process
2504	23ca8e865c84f53a7164c0830cb3a57a.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2208-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012262-15.dat	upx
behavioral1/files/0x000b000000012262-10.dat	upx
behavioral1/memory/2504-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2504	23ca8e865c84f53a7164c0830cb3a57a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2504	23ca8e865c84f53a7164c0830cb3a57a.exe
2208	23ca8e865c84f53a7164c0830cb3a57a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2208	2504	23ca8e865c84f53a7164c0830cb3a57a.exe	1
PID 2504 wrote to memory of 2208	2504	23ca8e865c84f53a7164c0830cb3a57a.exe	1
PID 2504 wrote to memory of 2208	2504	23ca8e865c84f53a7164c0830cb3a57a.exe	1
PID 2504 wrote to memory of 2208	2504	23ca8e865c84f53a7164c0830cb3a57a.exe	1

C:\Users\Admin\AppData\Local\Temp\23ca8e865c84f53a7164c0830cb3a57a.exe
C:\Users\Admin\AppData\Local\Temp\23ca8e865c84f53a7164c0830cb3a57a.exe
1⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2208

C:\Users\Admin\AppData\Local\Temp\23ca8e865c84f53a7164c0830cb3a57a.exe
"C:\Users\Admin\AppData\Local\Temp\23ca8e865c84f53a7164c0830cb3a57a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2504

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\23ca8e865c84f53a7164c0830cb3a57a.exe

Filesize
3.5MB

MD5
2cceed28a371badd980853d89820cfff

SHA1
470cd8bfe7eab3b115b92e2394569c723934b050

SHA256
a1940fcdb5741321a1bacfc5f78151ff0200b4ab8d3d5c79d194015d81a4ae67

SHA512
392816a64fa35fbef13b3937155eb816260930b47766dbc9bab7a45d01028e6c32c41ec65627adedfc17561a4fff18a6f1af365ac33e293b6ddb198f942fe17b

Download Submit
\Users\Admin\AppData\Local\Temp\23ca8e865c84f53a7164c0830cb3a57a.exe

Filesize
3.0MB

MD5
e1938f2bb7460cb74ee7e1e44d028352

SHA1
67085d52b8fcc53a415f7a261dd18702f201d645

SHA256
61717e5c3fe4a096a258a69cbe889f732f7c9154e455ee664388bd9e1fed1b57

SHA512
6665235a2f4ebfda123f89784f3af54a36e07c5762aa8fec0d9ae5d8b59664864be8e79b91b4eabb16c5ed63b252d6e195e2ebdc332a75c573f105e9caed0250

Download Submit
memory/2208-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2208-26-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2208-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2208-19-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2208-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2208-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2504-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2504-14-0x00000000039F0000-0x0000000003EDF000-memory.dmp

Filesize
4.9MB

Download
memory/2504-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2504-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2504-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download