23facc0455064d414015460420ff4ffbb966a86b698e258538a3b5760b5e66e4

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6884f9cd0f6efc4918ea174d54862a88.exe
Size

1.5MB
MD5

6884f9cd0f6efc4918ea174d54862a88
SHA1

96a379541d3b8b683719049bc63337b52ff1c437
SHA256

23facc0455064d414015460420ff4ffbb966a86b698e258538a3b5760b5e66e4
SHA512

9857a79e6817771b7554e02cfe0bf2320b0d0e11e2c9278e3c443bee354e8d95b5466c906fad54296e8c0efced2418ea68a35b38ac347257687aedd94cca6a1f
SSDEEP

24576:7O/0Mls2WnDqTEBXegfIGZsPSeBwTTK3+xijyhFCDUIQuCZ3qW:7ulrudXfPsxwHK3awwkYXHZ3q

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2404	6884f9cd0f6efc4918ea174d54862a88.exe

Executes dropped EXE 1 IoCs

pid	Process
2404	6884f9cd0f6efc4918ea174d54862a88.exe

Loads dropped DLL 1 IoCs

pid	Process
816	6884f9cd0f6efc4918ea174d54862a88.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/816-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012252-10.dat	upx
behavioral1/files/0x0009000000012252-14.dat	upx
behavioral1/memory/816-15-0x0000000003510000-0x00000000039FF000-memory.dmp	upx
behavioral1/memory/2404-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
816	6884f9cd0f6efc4918ea174d54862a88.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
816	6884f9cd0f6efc4918ea174d54862a88.exe
2404	6884f9cd0f6efc4918ea174d54862a88.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 2404	816	6884f9cd0f6efc4918ea174d54862a88.exe	28
PID 816 wrote to memory of 2404	816	6884f9cd0f6efc4918ea174d54862a88.exe	28
PID 816 wrote to memory of 2404	816	6884f9cd0f6efc4918ea174d54862a88.exe	28
PID 816 wrote to memory of 2404	816	6884f9cd0f6efc4918ea174d54862a88.exe	28

C:\Users\Admin\AppData\Local\Temp\6884f9cd0f6efc4918ea174d54862a88.exe
"C:\Users\Admin\AppData\Local\Temp\6884f9cd0f6efc4918ea174d54862a88.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:816
- C:\Users\Admin\AppData\Local\Temp\6884f9cd0f6efc4918ea174d54862a88.exe
  C:\Users\Admin\AppData\Local\Temp\6884f9cd0f6efc4918ea174d54862a88.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6884f9cd0f6efc4918ea174d54862a88.exe

Filesize
813KB

MD5
0da9e5e3fd77163ccc0fffab9d9c30a1

SHA1
61e12cb9c170108288bc7159fb08f26d3cf3a4d0

SHA256
e4544a352e00ab703e4d8ea163f37e37a80ad710b984869d5832f9f9795693e2

SHA512
2d713ae852e38c95efc6134503b5f0b7c063d55a69aff1f5d8ba415f4515fbf32445e6c0ed15b1ebfaa379cb3d8e0d693f4a6b7dd342b3f13d12f07d0801e5fc

Download Submit
\Users\Admin\AppData\Local\Temp\6884f9cd0f6efc4918ea174d54862a88.exe

Filesize
768KB

MD5
e9199a4a3c354d498548d5184c12ec9d

SHA1
6acb79d4c09ad3290641d708de6e7c7be214345a

SHA256
9ba71267fd75b8549048a87eee0893f4eff39c150ae9634606a625cb6d851632

SHA512
2393c6848d0bcc8887e4862bc23b4209d828a467b5404756c7af20c1d4fdc839b6cef57ba10a03105a625f7a276806a4c5a7877322acc9386705541a609c30f6

Download Submit
memory/816-15-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/816-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/816-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/816-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/816-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/816-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2404-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2404-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2404-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2404-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2404-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2404-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download