a854400af11dd16232301e5c27fe74ccb795854087b681161858a30d6e1920d4

Analysis

max time kernel
120s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8770301c32d8a0ea33c2a662ccfd4219.exe
Size

1.3MB
MD5

8770301c32d8a0ea33c2a662ccfd4219
SHA1

c08572dd9a5aa9de294e375c8c379da346fa1bc2
SHA256

a854400af11dd16232301e5c27fe74ccb795854087b681161858a30d6e1920d4
SHA512

fc423f6105cbe9964aa4b4af5d42d738a61079d48054bef65c292bb311ed9af70a0ae7e4ded51dbdea9e6106a885f5344e1b71d12038321e25fddd522b2673b4
SSDEEP

24576:XxHBrhWoejJmKSnXFG60Avfe5mi6WaSi62duC8Qw1riKQYGQb+vG:BHBrOmKSnVxtfeci6ZufPriKQJ6

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2112	8770301c32d8a0ea33c2a662ccfd4219.exe

Executes dropped EXE 1 IoCs

pid	Process
2112	8770301c32d8a0ea33c2a662ccfd4219.exe

Loads dropped DLL 1 IoCs

pid	Process
2188	8770301c32d8a0ea33c2a662ccfd4219.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2188-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012268-16.dat	upx
behavioral1/memory/2112-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012268-13.dat	upx
behavioral1/files/0x000a000000012268-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2188	8770301c32d8a0ea33c2a662ccfd4219.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2188	8770301c32d8a0ea33c2a662ccfd4219.exe
2112	8770301c32d8a0ea33c2a662ccfd4219.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2112	2188	8770301c32d8a0ea33c2a662ccfd4219.exe	28
PID 2188 wrote to memory of 2112	2188	8770301c32d8a0ea33c2a662ccfd4219.exe	28
PID 2188 wrote to memory of 2112	2188	8770301c32d8a0ea33c2a662ccfd4219.exe	28
PID 2188 wrote to memory of 2112	2188	8770301c32d8a0ea33c2a662ccfd4219.exe	28

C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe
"C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe
  C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe

Filesize
679KB

MD5
5a7641340552303a02ef07a3f55388d6

SHA1
bacc7a32616e836b12b98382cf4a10ae9134c6f9

SHA256
7ee809ed23673d9593e8e03afdf8f2560d56e331963c51f8c953a1e83b3ebbdb

SHA512
ca6ca549ec49fbc683d32c80c9249813c03437667927750ce5d603f897a084d49ba04d3d3da5fd9fea06ca5d2be0afeb4e30d75623433829a522bc98ae9e456f

Download Submit
C:\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe

Filesize
673KB

MD5
45e8473860ea4a687f262996ece820d1

SHA1
bf52c7ae5f0baf36601601a511406c287ff4373a

SHA256
0e6265c7906cad6d58d09bebc5858c0fa307cd4bdf52498e6444245c3fafa4ba

SHA512
bcb4536dba04a270d9d8624e8205555ebce28eca88ad949b857e8bb2dbbe931d32a8d8aeca63e692b817bb20c213fc01f74d338b5bd21b0f287be341dff6a6cd

Download Submit
\Users\Admin\AppData\Local\Temp\8770301c32d8a0ea33c2a662ccfd4219.exe

Filesize
978KB

MD5
b66795c7f82410c70486a50556751436

SHA1
985ed0d80981297c5d837048b319716175633ec7

SHA256
61c76a22dad97956c5794fa58009ec6247d34dd476d84f89c5688007bebaea77

SHA512
282d6c3135ec6d74754b683e9e07dd3db95b716225d38ca6b9203f2ceceb6d49e087071f3134f1517ca57224cd95db2a1503006b4f6dccf89caf7176f1564065

Download Submit
memory/2112-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2112-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2112-19-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2112-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2188-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2188-2-0x00000000002C0000-0x00000000003D2000-memory.dmp

Filesize
1.1MB

Download
memory/2188-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2188-15-0x00000000033E0000-0x000000000384A000-memory.dmp

Filesize
4.4MB

Download
memory/2188-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download