a3acb5f0e8b775c0d3a2e2b069f9c2054ee2b304fa18e89a50b13d2dcd37f430

Analysis

max time kernel
103s
max time network
38s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 16:55

Target

8855378a8e7979cd12872f5b3715e890.exe
Size

1.2MB
MD5

8855378a8e7979cd12872f5b3715e890
SHA1

3413ae0a2cf1744943c5e9e5847e6eb133b57ce1
SHA256

a3acb5f0e8b775c0d3a2e2b069f9c2054ee2b304fa18e89a50b13d2dcd37f430
SHA512

620cf3b8cc79a03b58850c2cd47b8d6cfff48ed7518f70a1207b2dae7b3b0db6d2853c8ebdbb22a85b1691d74ee8c024285ca87e74e1c1c8acf52a9279c1d4c7
SSDEEP

24576:sSLLj7qDlluQ2dSm9X8IZy8HG8AyJJQnc79ETegwt:sgqDlgQ2B9stSGbyJWnBCgi

Score

7^/10

upx

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1352-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1352-1-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2736-4-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1352-3-0x00000000045C0000-0x00000000045DC000-memory.dmp	upx
behavioral1/memory/1980-7-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1724-5-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/files/0x0031000000015c9b-13.dat	upx
behavioral1/memory/2736-75-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1724-79-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/1980-82-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral1/memory/2736-81-0x0000000004900000-0x000000000491C000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 2736	1352	8855378a8e7979cd12872f5b3715e890.exe	28
PID 1352 wrote to memory of 2736	1352	8855378a8e7979cd12872f5b3715e890.exe	28
PID 1352 wrote to memory of 2736	1352	8855378a8e7979cd12872f5b3715e890.exe	28
PID 1352 wrote to memory of 2736	1352	8855378a8e7979cd12872f5b3715e890.exe	28

C:\Users\Admin\AppData\Local\Temp\8855378a8e7979cd12872f5b3715e890.exe
"C:\Users\Admin\AppData\Local\Temp\8855378a8e7979cd12872f5b3715e890.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\8855378a8e7979cd12872f5b3715e890.exe
  "C:\Users\Admin\AppData\Local\Temp\8855378a8e7979cd12872f5b3715e890.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\8855378a8e7979cd12872f5b3715e890.exe
    "C:\Users\Admin\AppData\Local\Temp\8855378a8e7979cd12872f5b3715e890.exe"
    3⤵
    PID:1980
- C:\Users\Admin\AppData\Local\Temp\8855378a8e7979cd12872f5b3715e890.exe
  "C:\Users\Admin\AppData\Local\Temp\8855378a8e7979cd12872f5b3715e890.exe"
  2⤵
  PID:1724

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Program Files\Windows Sidebar\Shared Gadgets\gay hidden titts .mpeg.exe

Filesize
8KB

MD5
f9a50e61a10cfa632f9f342ca7818f5f

SHA1
502e5b9a39c2611a56277267e332e103dd8e264b

SHA256
a906183a229ebab5d1c8ecb38816c2bb60d06cb40731d56777da3d0aeb41eacb

SHA512
f65fa40a638adc9bfe4b99699e0f9d139bb6f835f39c707d8675ff3df8a3d684414fbda98e82fca85a1104199b0cf5ebaad054fb49da6457cf43484c986ea947

Download Submit
memory/1352-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1352-1-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1352-3-0x00000000045C0000-0x00000000045DC000-memory.dmp

Filesize
112KB

Download
memory/1724-5-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1724-79-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1980-7-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1980-82-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2736-4-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2736-6-0x0000000004900000-0x000000000491C000-memory.dmp

Filesize
112KB

Download
memory/2736-75-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2736-81-0x0000000004900000-0x000000000491C000-memory.dmp

Filesize
112KB

Download