9c08bf7ed286a551481852f54c7508e32973fdcdbd2e743730c26b33b39abab3

Analysis

max time kernel
0s
max time network
35s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27d63ed060d3e56f13116b49fc4a60bb.exe
Size

439KB
MD5

27d63ed060d3e56f13116b49fc4a60bb
SHA1

928cbba0a9d4741514f7f069e6f28c370278ff47
SHA256

9c08bf7ed286a551481852f54c7508e32973fdcdbd2e743730c26b33b39abab3
SHA512

e47eafa93b6f875117985d06985a6fa686767a8d89a9a186c5d8cdb9650c6aed246374e8cbba128a7fcf1b7eece0e8e26f1700a44826f12fb661bf88ba230cd1
SSDEEP

12288:42Z5Qeotv3vuws85itViytnxMFXgw8hzvt5:75/0/vuwtoHtWG5

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2972-93-0x0000000000E80000-0x0000000000EB0000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process
2944	2972	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\27d63ed060d3e56f13116b49fc4a60bb.exe
"C:\Users\Admin\AppData\Local\Temp\27d63ed060d3e56f13116b49fc4a60bb.exe"
1⤵
PID:1928
- C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\ic2.exe
  "C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\ic2.exe"
  2⤵
  PID:2436
- C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\IR.exe
  "C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\IR.exe"
  2⤵
  PID:2864
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Roaming\skzsmv2qq.bat
    3⤵
    PID:1288
- - C:\Windows\SysWOW64\Rundll32.exe
    Rundll32.exe setupapi,InstallHinfSection DefaultInstall 128 C:\Users\Admin\AppData\Roaming\mdinstall.inf
    3⤵
    PID:592
- - C:\Users\Admin\AppData\Roaming\8cfi7.exe
    C:\Users\Admin\AppData\Roaming\8cfi7.exe
    3⤵
    PID:2996
- C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\6tbp.exe
  "C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\6tbp.exe"
  2⤵
  PID:2812
- C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\3E4U - Bucks.exe
  "C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\3E4U - Bucks.exe"
  2⤵
  PID:2972
- C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\2IC.exe
  "C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\2IC.exe"
  2⤵
  PID:2796
- C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\1EuroP.exe
  "C:\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\1EuroP.exe"
  2⤵
  PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 284
1⤵
- Program crash
PID:2944

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Wnthtapt.dll",Startup
1⤵
PID:308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Wnthtapt.dll",iep
  2⤵
  PID:1236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsy19BA.tmp\ic2.exe

Filesize
3KB

MD5
46e07fd3a40760fda18cf6b4fc691742

SHA1
53ee1a754bf5e94fa88a6ab8bb6120b4011afcfa

SHA256
bd7ca609d2fb63e14d08acab1091579c23e298b4fa2ac1e8d2daaff94fc107be

SHA512
ce13f6527cbd13002dca00b71ab38ab12e3f3f7138ada0780ad3f40e7c49946c018a00782ec957b1fd123fb439aabc0d9b3660829dabf10ddcebba08d6e2fbbd

Download Submit
memory/308-111-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/308-90-0x0000000000210000-0x0000000000250000-memory.dmp

Filesize
256KB

Download
memory/308-89-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/308-123-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/308-112-0x0000000000210000-0x0000000000250000-memory.dmp

Filesize
256KB

Download
memory/1236-127-0x0000000000A20000-0x0000000000A60000-memory.dmp

Filesize
256KB

Download
memory/2404-80-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/2404-59-0x00000000003C0000-0x00000000003E5000-memory.dmp

Filesize
148KB

Download
memory/2796-103-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2796-105-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2796-106-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/2796-104-0x0000000001D60000-0x0000000001DA6000-memory.dmp

Filesize
280KB

Download
memory/2812-74-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2812-110-0x0000000010000000-0x000000001001E000-memory.dmp

Filesize
120KB

Download
memory/2812-83-0x00000000022D0000-0x0000000002310000-memory.dmp

Filesize
256KB

Download
memory/2864-102-0x0000000003800000-0x0000000004862000-memory.dmp

Filesize
16.4MB

Download
memory/2972-93-0x0000000000E80000-0x0000000000EB0000-memory.dmp

Filesize
192KB

Download
memory/2972-92-0x0000000000AE0000-0x0000000000D70000-memory.dmp

Filesize
2.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads