857ad9847402ad4557577e697dacaeb72d4edaf3037bf2ab1a411b32ca510a5e

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 19:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87ae664470a2e862df8928a5ac5828e2.exe
Size

1.3MB
MD5

87ae664470a2e862df8928a5ac5828e2
SHA1

6f083709e6c539994b3f0ecd6edf3884dfe1ea2b
SHA256

857ad9847402ad4557577e697dacaeb72d4edaf3037bf2ab1a411b32ca510a5e
SHA512

7abb1cd2755b3cde2fb5ed0b368b7e709f9fe1a1865820beb4f41776a08b77bb7cf7a246c0c8eaa9e830ce6ca1e835598f4be7e26e3879a59389e8dc53d41caa
SSDEEP

24576:Agzho7sFmKQBjxWBCf+HbSH8ND8btbIC76fvU9/9Us:/Vo7sFJSjIBCf0btNAbtUAScR9j

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2696	87ae664470a2e862df8928a5ac5828e2.exe

Executes dropped EXE 1 IoCs

pid	Process
2696	87ae664470a2e862df8928a5ac5828e2.exe

Loads dropped DLL 1 IoCs

pid	Process
2496	87ae664470a2e862df8928a5ac5828e2.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2496-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0008000000012256-10.dat	upx
behavioral1/files/0x0008000000012256-12.dat	upx
behavioral1/files/0x0008000000012256-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2496	87ae664470a2e862df8928a5ac5828e2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2496	87ae664470a2e862df8928a5ac5828e2.exe
2696	87ae664470a2e862df8928a5ac5828e2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2696	2496	87ae664470a2e862df8928a5ac5828e2.exe	28
PID 2496 wrote to memory of 2696	2496	87ae664470a2e862df8928a5ac5828e2.exe	28
PID 2496 wrote to memory of 2696	2496	87ae664470a2e862df8928a5ac5828e2.exe	28
PID 2496 wrote to memory of 2696	2496	87ae664470a2e862df8928a5ac5828e2.exe	28

C:\Users\Admin\AppData\Local\Temp\87ae664470a2e862df8928a5ac5828e2.exe
"C:\Users\Admin\AppData\Local\Temp\87ae664470a2e862df8928a5ac5828e2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Users\Admin\AppData\Local\Temp\87ae664470a2e862df8928a5ac5828e2.exe
  C:\Users\Admin\AppData\Local\Temp\87ae664470a2e862df8928a5ac5828e2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\87ae664470a2e862df8928a5ac5828e2.exe

Filesize
1.1MB

MD5
f3dc41c8061fbc0e0109572a15eefedc

SHA1
a058416757699a03a0540ba880086417d9d9d3bc

SHA256
c6d5d9e29521aa4781d38ee28e9ddaeab01db4ca98a1947196d37ab57606bb4e

SHA512
baaaa7f47d31a5482119bcb8a1c18ea68426214cd44da0ee033f715503322e14f419f8db78942731dfec53820bd315174dad936976b2faa03070b6a201d8387c

Download Submit
C:\Users\Admin\AppData\Local\Temp\87ae664470a2e862df8928a5ac5828e2.exe

Filesize
832KB

MD5
d34005c87fab35bb79f59ea57a48d0d9

SHA1
975dbbc729e462ab32f26fe29ff50fedfeb14328

SHA256
3b5d94cdb47cfaac40024c0e6f908d0d7152b9ed5ff0558c320a915394f0a0b9

SHA512
a05b43ec10934a8ae279984fb910fd23e780f1bc8f3ad2e1ec443c2754db07397812c58634980b4d8f603031f34abc52626a5e9bd656f33379daf5fca7986098

Download Submit
\Users\Admin\AppData\Local\Temp\87ae664470a2e862df8928a5ac5828e2.exe

Filesize
1.3MB

MD5
11754440e4d3d7916f1b1abef5d11915

SHA1
dab8ebb94f0f36f768b1e45634468a39020a44e1

SHA256
8597656a89539dd0ae389a6ba6507d604fa3416dfec83bcd895bd1c630c850af

SHA512
c7a939295b3369cfeaf37157936c287a6f64e72c3402a6837493c7bb0b616787cd5dde82023099e2bba43ffaae198d27b2564caadcd5efaf0ea289662e15bcfa

Download Submit
memory/2496-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2496-3-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2496-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2496-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2496-15-0x0000000003650000-0x0000000003B37000-memory.dmp

Filesize
4.9MB

Download
memory/2496-31-0x0000000003650000-0x0000000003B37000-memory.dmp

Filesize
4.9MB

Download
memory/2696-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2696-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2696-18-0x0000000000280000-0x00000000003B1000-memory.dmp

Filesize
1.2MB

Download
memory/2696-24-0x00000000034F0000-0x0000000003712000-memory.dmp

Filesize
2.1MB

Download
memory/2696-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2696-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download