ac090deb152f4a444639866dcc31f20bb00c725f29ef4c96b9b210fe576ead26

Analysis

max time kernel
118s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/01/2024, 05:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5a60620d5f589f78a95a576e45afce3e.exe
Size

110KB
MD5

5a60620d5f589f78a95a576e45afce3e
SHA1

e32dcf4a7ede8947c134604cd0c863f77f5f4d6f
SHA256

ac090deb152f4a444639866dcc31f20bb00c725f29ef4c96b9b210fe576ead26
SHA512

4d78f77260194b51aecfc3a8a4ed50481508aae72af58c4bc7a1a6faf2e0e67fbae6e712454c74e60d3e7ca8df9041e5449dbc4515f8135df0805300edab30fb
SSDEEP

1536:aayvRUVU37ciNbyChBkqHzk+lY1zGdRAbor10wUSfj41Y1UIQDeJhlWeEithf0Lu:reCe7BzPMw12YjzQCh81i3f0LOJ7Bn

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2676	apocalyps32.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1708-0-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1708-6-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/files/0x000c000000012252-5.dat	upx
behavioral1/memory/2676-10-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/2676-12-0x0000000040010000-0x000000004004C000-memory.dmp	upx
behavioral1/memory/2676-15-0x0000000000400000-0x0000000000429000-memory.dmp	upx
behavioral1/memory/1708-16-0x0000000000250000-0x0000000000279000-memory.dmp	upx

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\apocalyps32.exe	5a60620d5f589f78a95a576e45afce3e.exe
File opened for modification	C:\Windows\apocalyps32.exe	5a60620d5f589f78a95a576e45afce3e.exe
File created	C:\Windows\apocalyps32.exe	apocalyps32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2676	1708	5a60620d5f589f78a95a576e45afce3e.exe	28
PID 1708 wrote to memory of 2676	1708	5a60620d5f589f78a95a576e45afce3e.exe	28
PID 1708 wrote to memory of 2676	1708	5a60620d5f589f78a95a576e45afce3e.exe	28
PID 1708 wrote to memory of 2676	1708	5a60620d5f589f78a95a576e45afce3e.exe	28
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29
PID 2676 wrote to memory of 2196	2676	apocalyps32.exe	29

C:\Users\Admin\AppData\Local\Temp\5a60620d5f589f78a95a576e45afce3e.exe
"C:\Users\Admin\AppData\Local\Temp\5a60620d5f589f78a95a576e45afce3e.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\apocalyps32.exe
  -bs
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\apocalyps32.exe

Filesize
110KB

MD5
5a60620d5f589f78a95a576e45afce3e

SHA1
e32dcf4a7ede8947c134604cd0c863f77f5f4d6f

SHA256
ac090deb152f4a444639866dcc31f20bb00c725f29ef4c96b9b210fe576ead26

SHA512
4d78f77260194b51aecfc3a8a4ed50481508aae72af58c4bc7a1a6faf2e0e67fbae6e712454c74e60d3e7ca8df9041e5449dbc4515f8135df0805300edab30fb

Download Submit
memory/1708-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1708-6-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1708-7-0x0000000000250000-0x0000000000279000-memory.dmp

Filesize
164KB

Download
memory/1708-16-0x0000000000250000-0x0000000000279000-memory.dmp

Filesize
164KB

Download
memory/2676-10-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2676-12-0x0000000040010000-0x000000004004C000-memory.dmp

Filesize
240KB

Download
memory/2676-15-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download