0c27755cb810e7c690dfed794b9ae4db753608c555a7bfb2103d662912a38441

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 03:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3bc6e8cc505cf4c00a4743ee5140da8e.exe
Size

1.3MB
MD5

3bc6e8cc505cf4c00a4743ee5140da8e
SHA1

a74f065ac8ca5bdaf6e5eb286444dbc94f9f1c46
SHA256

0c27755cb810e7c690dfed794b9ae4db753608c555a7bfb2103d662912a38441
SHA512

f66961797b738416d70f07b65104635a81d6d99f4fb2ec6650e2bf7f5808d86f3dabcd46d290beac89b5830fbb95d830cb868fc0618d599ea9929c52b12ce772
SSDEEP

24576:W85sRNfVmNG1zbF4WrFakzsQlEeE4MEDGZN1xqSlIkDir3vG:W8qDVmUhJva/wRnDyPoCIkDir

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1136	3bc6e8cc505cf4c00a4743ee5140da8e.exe

Executes dropped EXE 1 IoCs

pid	Process
1136	3bc6e8cc505cf4c00a4743ee5140da8e.exe

Loads dropped DLL 1 IoCs

pid	Process
2180	3bc6e8cc505cf4c00a4743ee5140da8e.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2180-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/1136-18-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000c0000000133b0-16.dat	upx
behavioral1/files/0x000c0000000133b0-13.dat	upx
behavioral1/files/0x000c0000000133b0-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2180	3bc6e8cc505cf4c00a4743ee5140da8e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2180	3bc6e8cc505cf4c00a4743ee5140da8e.exe
1136	3bc6e8cc505cf4c00a4743ee5140da8e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 1136	2180	3bc6e8cc505cf4c00a4743ee5140da8e.exe	17
PID 2180 wrote to memory of 1136	2180	3bc6e8cc505cf4c00a4743ee5140da8e.exe	17
PID 2180 wrote to memory of 1136	2180	3bc6e8cc505cf4c00a4743ee5140da8e.exe	17
PID 2180 wrote to memory of 1136	2180	3bc6e8cc505cf4c00a4743ee5140da8e.exe	17

C:\Users\Admin\AppData\Local\Temp\3bc6e8cc505cf4c00a4743ee5140da8e.exe
"C:\Users\Admin\AppData\Local\Temp\3bc6e8cc505cf4c00a4743ee5140da8e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Users\Admin\AppData\Local\Temp\3bc6e8cc505cf4c00a4743ee5140da8e.exe
  C:\Users\Admin\AppData\Local\Temp\3bc6e8cc505cf4c00a4743ee5140da8e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3bc6e8cc505cf4c00a4743ee5140da8e.exe

Filesize
9KB

MD5
291d4197d2c2ef378992181522516143

SHA1
695b81f04be0f3eaaf7f98262890e2e92921c62c

SHA256
8d752900f3811a9c154a2fd4529d64290c54ef863e1da03c8918b00efcbfa69b

SHA512
c398761b13c5a4e6ee6e111dc5b458621548e8a3beb003bed65018544e92ff2311aa050f4943772372c239485163755c7050a9055d77a0b6d639e7b61be39aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\3bc6e8cc505cf4c00a4743ee5140da8e.exe

Filesize
64KB

MD5
5d5d83a0ca08dab65a488d1579445ff8

SHA1
cd8b07aa81d70be20ec0e3e9a232f0df662e5fc2

SHA256
149cacd802e62f527769c8d4e94127d8120f5dc056dfe4d7d42f809df95b8a66

SHA512
ec216015721ed45302027b3f0b1c54f9b1f559eced5ee44491142e480cd0f47dc3b9752819e5285433888438f8d09ff3ada200b4d2d046df5028e1938fac653e

Download Submit
\Users\Admin\AppData\Local\Temp\3bc6e8cc505cf4c00a4743ee5140da8e.exe

Filesize
70KB

MD5
333a88e1c1cfa89750c2ac90c5456051

SHA1
b44e38f7b6f872e5ca8ffe4577e538c2f163695a

SHA256
bb552995d4b1a115889dbb9f82c1bfd327c9ea24994d90d6b684dd9493c212d6

SHA512
df3f9923851f40fa74d43579070f86c3243b6c7feb032cd5ed331eb5995ba89bd8f75c998230a8e5b7ceabdd6109ef2dc87820b3a93fb8fe661ee8c73a4f1740

Download Submit
memory/1136-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1136-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1136-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1136-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2180-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2180-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2180-15-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2180-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2180-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2180-26-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download