8b8fb2b97f394c1bd87409ea482a61f668d9c2e92b6c30ffd92bbb66fcd00a0a

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36bc96beb8c702c884bdbaff9d949240.exe
Size

5.8MB
MD5

36bc96beb8c702c884bdbaff9d949240
SHA1

0c2a52ded9931ae6f75213b29648cdc8c942c5f1
SHA256

8b8fb2b97f394c1bd87409ea482a61f668d9c2e92b6c30ffd92bbb66fcd00a0a
SHA512

29e4da0cc74f3241b7b5fda5f2a3d9917b036aa71a2f06094cee830d9817fc8f0c861cdce69aae0ce004c0e8eda7ac6c2fd4ba80a0da635e07793115785b5a9e
SSDEEP

98304:ECJ2lMjqf6eZGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:ECUlMp8GhRaaCkN9qHGhRa

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2172	36bc96beb8c702c884bdbaff9d949240.exe

Executes dropped EXE 1 IoCs

pid	Process
2172	36bc96beb8c702c884bdbaff9d949240.exe

Loads dropped DLL 1 IoCs

pid	Process
948	36bc96beb8c702c884bdbaff9d949240.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/948-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000122f0-14.dat	upx
behavioral1/files/0x000c0000000122f0-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
948	36bc96beb8c702c884bdbaff9d949240.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
948	36bc96beb8c702c884bdbaff9d949240.exe
2172	36bc96beb8c702c884bdbaff9d949240.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 2172	948	36bc96beb8c702c884bdbaff9d949240.exe	17
PID 948 wrote to memory of 2172	948	36bc96beb8c702c884bdbaff9d949240.exe	17
PID 948 wrote to memory of 2172	948	36bc96beb8c702c884bdbaff9d949240.exe	17
PID 948 wrote to memory of 2172	948	36bc96beb8c702c884bdbaff9d949240.exe	17

C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe
"C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:948
- C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe
  C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe

Filesize
100KB

MD5
299c380818128aa3e5a7f867ed8853c0

SHA1
61ab4afc68d088f6fa4a16fcaf51727602dcfe6e

SHA256
f526dfe00cbe6107f1f2760a2f0da3e637e1fadf7b03bb7861a0028645e744a3

SHA512
1d74856b55878423651645577ef64e29b42e65d18491567f84e5b9eef7a20f3b7c6277bbbd9f9b6806c54bdd0e4c52d47d0e01abc80b4d91da68943267b8b8e7

Download Submit
\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe

Filesize
77KB

MD5
3d510764599f557d27a19bbe3eb55a15

SHA1
ef4fc339aa50adf414c977400ca1fe99d474fa80

SHA256
fb0702e56e4959059ebb8e9f9a69e4c3746b65da50fc92a4150e0247fdf15231

SHA512
6ede0e48ce4a0b5056decbbf89b7f0f90a769bf3024e644d9d8d7707e17cc1e7cbc3d078a108d062272881c9c7c460a5f39b8191dccf0830f903fb128c3356cb

Download Submit
memory/948-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/948-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/948-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/948-16-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/948-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2172-26-0x0000000003420000-0x000000000364A000-memory.dmp

Filesize
2.2MB

Download
memory/2172-21-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2172-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2172-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2172-19-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2172-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download