c92187cd56818a8ab5b796fe4243925fc31d2a8b00504f1d345c4a99e38d8aa3

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8652759023180a6f20839095a26167ea.exe
Size

11.7MB
MD5

8652759023180a6f20839095a26167ea
SHA1

6d960e37b8243aec4156086e60d9bef1f9b0e228
SHA256

c92187cd56818a8ab5b796fe4243925fc31d2a8b00504f1d345c4a99e38d8aa3
SHA512

277dd31d3df8b8a7866de1083e1f779451c4e32aa9ea73b21dec85813917fe6471fdf2dc06f3eaac902ed576ebf87369d2cfe207a4a77ed0057e8c5afb127566
SSDEEP

196608:Ph21yDacWCCCvI35NyWWC09rspaDGWCCCvI35NyWWC:01mfsCC5NyWqr5qsCC5NyW

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2360	8652759023180a6f20839095a26167ea.exe

Executes dropped EXE 1 IoCs

pid	Process
2360	8652759023180a6f20839095a26167ea.exe

Loads dropped DLL 1 IoCs

pid	Process
2508	8652759023180a6f20839095a26167ea.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2508-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001225c-10.dat	upx
behavioral1/files/0x000b00000001225c-15.dat	upx
behavioral1/memory/2360-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2508	8652759023180a6f20839095a26167ea.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2508	8652759023180a6f20839095a26167ea.exe
2360	8652759023180a6f20839095a26167ea.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2360	2508	8652759023180a6f20839095a26167ea.exe	28
PID 2508 wrote to memory of 2360	2508	8652759023180a6f20839095a26167ea.exe	28
PID 2508 wrote to memory of 2360	2508	8652759023180a6f20839095a26167ea.exe	28
PID 2508 wrote to memory of 2360	2508	8652759023180a6f20839095a26167ea.exe	28

C:\Users\Admin\AppData\Local\Temp\8652759023180a6f20839095a26167ea.exe
"C:\Users\Admin\AppData\Local\Temp\8652759023180a6f20839095a26167ea.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Users\Admin\AppData\Local\Temp\8652759023180a6f20839095a26167ea.exe
  C:\Users\Admin\AppData\Local\Temp\8652759023180a6f20839095a26167ea.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8652759023180a6f20839095a26167ea.exe

Filesize
285KB

MD5
9f08de1d34d59a9b57595ca879956a44

SHA1
2436bf82ffeaa67574e06f79bc4d4b6c222ca0f9

SHA256
dfac6366aa5d5be5a915e5727a188040eb9356798c2a5f0863923b47a8d68d71

SHA512
e8375fb5db3d61a7c82cee91a426b73eb2b972961ec5abdc7cc2add5f2b8cf40d8310c50db31a8a9f6f08afe9143624316c280148e7c480016aeb5fe4f758981

Download Submit
\Users\Admin\AppData\Local\Temp\8652759023180a6f20839095a26167ea.exe

Filesize
454KB

MD5
3db3b6141f2f10f8346ff4c71d9c8348

SHA1
bc190ef79eca532df384bb3116c65f99f31f14c3

SHA256
acfad69305ffb60365f6079c27a1c75ff80c5c023ddcbb91944682dbda921453

SHA512
4112f210b8c6161bd38e13ab51bbb5463ce9bf4bcaa45bd3d3ac0feebed01d5a3d891f2a06414631ec0fdd5b91f5aa290eecf0141c171076e1b452aa7d508b30

Download Submit
memory/2360-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2360-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2360-17-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2360-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2360-26-0x0000000003670000-0x000000000389A000-memory.dmp

Filesize
2.2MB

Download
memory/2360-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2508-3-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2508-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2508-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2508-14-0x0000000004A60000-0x0000000004F4F000-memory.dmp

Filesize
4.9MB

Download
memory/2508-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2508-31-0x0000000004A60000-0x0000000004F4F000-memory.dmp

Filesize
4.9MB

Download