3e6ac8a8da25c67621d8b7c98df9f8119b9239e7ce95be846653c239e1eb156b

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85a80e2d0c5ae2cc9034916f480c177c.exe
Size

8.7MB
MD5

85a80e2d0c5ae2cc9034916f480c177c
SHA1

f878d8064fea95bf2d00985fe562e47ac6a5b8c3
SHA256

3e6ac8a8da25c67621d8b7c98df9f8119b9239e7ce95be846653c239e1eb156b
SHA512

d85bdb43bcb0c3a7743ae40b02fdfcce07200015f65a3995255cd7202e75da9dab4a5f3ce352711a8176d87017de000377556a57b312e9f0bc0ed18290dea506
SSDEEP

196608:2IiLXWC/f1q3ULWCmZaoky7y6WC/f1q3ULWCX:2p7h1q3ULYZaokyLh1q3UL9

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2340	85a80e2d0c5ae2cc9034916f480c177c.exe

Executes dropped EXE 1 IoCs

pid	Process
2340	85a80e2d0c5ae2cc9034916f480c177c.exe

Loads dropped DLL 1 IoCs

pid	Process
2092	85a80e2d0c5ae2cc9034916f480c177c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2092-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2340-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012266-15.dat	upx
behavioral1/files/0x0008000000012266-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2092	85a80e2d0c5ae2cc9034916f480c177c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2092	85a80e2d0c5ae2cc9034916f480c177c.exe
2340	85a80e2d0c5ae2cc9034916f480c177c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2340	2092	85a80e2d0c5ae2cc9034916f480c177c.exe	28
PID 2092 wrote to memory of 2340	2092	85a80e2d0c5ae2cc9034916f480c177c.exe	28
PID 2092 wrote to memory of 2340	2092	85a80e2d0c5ae2cc9034916f480c177c.exe	28
PID 2092 wrote to memory of 2340	2092	85a80e2d0c5ae2cc9034916f480c177c.exe	28

C:\Users\Admin\AppData\Local\Temp\85a80e2d0c5ae2cc9034916f480c177c.exe
"C:\Users\Admin\AppData\Local\Temp\85a80e2d0c5ae2cc9034916f480c177c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Users\Admin\AppData\Local\Temp\85a80e2d0c5ae2cc9034916f480c177c.exe
  C:\Users\Admin\AppData\Local\Temp\85a80e2d0c5ae2cc9034916f480c177c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\85a80e2d0c5ae2cc9034916f480c177c.exe

Filesize
45KB

MD5
b341018cc65a0ce0f634a9a5c9af3209

SHA1
efb398be33030935dd4cc51991a3fd8f88723f9f

SHA256
8bccc5808d6216876016b46e96f42ca9f9691ef2f150105e00d380f0561731ba

SHA512
e5dc920bbcf29023462decae6dd4698bc16a3fd4fae70b728750182674bdc95253245d5407e0e24817535315277a064c2a6566d5a4583e2c5ba3159ab2391314

Download Submit
\Users\Admin\AppData\Local\Temp\85a80e2d0c5ae2cc9034916f480c177c.exe

Filesize
136KB

MD5
72831ead69d8fca5b0be8c9d10138416

SHA1
cafbd965ec280cf0eea7fb05f1ec425af0bb918d

SHA256
aba5e7a9da6d4a23fbd6d8538e0ef2c045f3385e97edada367433568bb8b6821

SHA512
73d69963cc4233e18611e61df888cfdccc38333557e89ee4168ef2405b7a5945c98c1c36816e2042e835ddde16af7abd79cb0697db206c5ac445753b10b4d215

Download Submit
memory/2092-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2092-14-0x00000000045F0000-0x0000000004ADF000-memory.dmp

Filesize
4.9MB

Download
memory/2092-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2092-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2092-2-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2092-31-0x00000000045F0000-0x0000000004ADF000-memory.dmp

Filesize
4.9MB

Download
memory/2340-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2340-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2340-17-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/2340-24-0x0000000003530000-0x000000000375A000-memory.dmp

Filesize
2.2MB

Download
memory/2340-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2340-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download