6ce77f13690f978de4e12fa5e936f06bb0b5f41ee93490a7d667ab49be432b46

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 21:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87c4423ac0440e9a5938f82cae77f0e2.exe
Size

1.5MB
MD5

87c4423ac0440e9a5938f82cae77f0e2
SHA1

46b858266b5e875af8c8b4260bf4c07c7fc69214
SHA256

6ce77f13690f978de4e12fa5e936f06bb0b5f41ee93490a7d667ab49be432b46
SHA512

8279bd3fd5b36542e54fe4846b2b4424eca536276082eedc678ffd649b8e998bf723df171991118392e554ecd6b54532d3adef18ee95fa31007c996ce03fbfbc
SSDEEP

24576:Ti1qQH70z9Rrvsf3UFG9SJwkXHwXKBKfAL2i5B2bLtaLL+W:TM70zbsPUYMw2wA8ALVPeL8La

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2192	87c4423ac0440e9a5938f82cae77f0e2.exe

Executes dropped EXE 1 IoCs

pid	Process
2192	87c4423ac0440e9a5938f82cae77f0e2.exe

Loads dropped DLL 1 IoCs

pid	Process
2148	87c4423ac0440e9a5938f82cae77f0e2.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2148-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001224e-15.dat	upx
behavioral1/memory/2192-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001224e-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2148	87c4423ac0440e9a5938f82cae77f0e2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2148	87c4423ac0440e9a5938f82cae77f0e2.exe
2192	87c4423ac0440e9a5938f82cae77f0e2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2192	2148	87c4423ac0440e9a5938f82cae77f0e2.exe	28
PID 2148 wrote to memory of 2192	2148	87c4423ac0440e9a5938f82cae77f0e2.exe	28
PID 2148 wrote to memory of 2192	2148	87c4423ac0440e9a5938f82cae77f0e2.exe	28
PID 2148 wrote to memory of 2192	2148	87c4423ac0440e9a5938f82cae77f0e2.exe	28

C:\Users\Admin\AppData\Local\Temp\87c4423ac0440e9a5938f82cae77f0e2.exe
"C:\Users\Admin\AppData\Local\Temp\87c4423ac0440e9a5938f82cae77f0e2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Users\Admin\AppData\Local\Temp\87c4423ac0440e9a5938f82cae77f0e2.exe
  C:\Users\Admin\AppData\Local\Temp\87c4423ac0440e9a5938f82cae77f0e2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\87c4423ac0440e9a5938f82cae77f0e2.exe

Filesize
580KB

MD5
bf1982d1e47cad29a77709203c620696

SHA1
710e826220cc206a05dd650095f91a2450ae1a5a

SHA256
8b432f51db80962516f2bc39c330117f885a35aac277b410a21865f5ea8cb9e3

SHA512
5c420e86fac37fa3fb147ecb776ec50ec3bf63cab0f385aaf7b22c63be7a01fba3a04cb9ba8e7c3ca67553d471e1156017bf700aa47ff4cb19ec72655d54c822

Download Submit
\Users\Admin\AppData\Local\Temp\87c4423ac0440e9a5938f82cae77f0e2.exe

Filesize
907KB

MD5
ea250cab9fb8a7c1acca5985def39df7

SHA1
e8cad99ad17dbddc5c132560fa76f6f91178cc5a

SHA256
d9f8a66adee60837b91cd6fda0ba31e213dea4fbe2c572fc5bff9f8b27176865

SHA512
cafac3e431fc37af828347b63886cb7a3744c558a4de2ec7f06f887377f411fb8c5911fa2bdc1bbcaf90916fcefc7e11520a690e9108693297b517918e970266

Download Submit
memory/2148-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2148-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2148-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2148-14-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2148-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2192-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2192-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2192-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2192-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2192-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2192-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download