5bcb1a136ec6478b0c2e1c7097fa7d81b9e50e9a296dcf28177f6555b2106b59

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 21:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8aa2092567adaa4cddd0269dad56ed6d.exe
Size

1.3MB
MD5

8aa2092567adaa4cddd0269dad56ed6d
SHA1

6ca37dd66a36b96654255fc18a6b9ba1d0107207
SHA256

5bcb1a136ec6478b0c2e1c7097fa7d81b9e50e9a296dcf28177f6555b2106b59
SHA512

afec758bf1c2f2b65ef7e93f431c5ae21fa5dd94302479315052cb948c669253a507b2a93097bd9882ec4615595c0acd763a5fefde55b78079be6ee37fc2795f
SSDEEP

24576:o69IgTIhdrFFsmIU3Baeu2rE6cwID2n3ZZEUK6vavG:QgT0bsm3RaQwLD2nJZEB6v

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2672	8aa2092567adaa4cddd0269dad56ed6d.exe

Executes dropped EXE 1 IoCs

pid	Process
2672	8aa2092567adaa4cddd0269dad56ed6d.exe

Loads dropped DLL 1 IoCs

pid	Process
1236	8aa2092567adaa4cddd0269dad56ed6d.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1236-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000800000001224a-11.dat	upx
behavioral1/memory/2672-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000800000001224a-16.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1236	8aa2092567adaa4cddd0269dad56ed6d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1236	8aa2092567adaa4cddd0269dad56ed6d.exe
2672	8aa2092567adaa4cddd0269dad56ed6d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 2672	1236	8aa2092567adaa4cddd0269dad56ed6d.exe	28
PID 1236 wrote to memory of 2672	1236	8aa2092567adaa4cddd0269dad56ed6d.exe	28
PID 1236 wrote to memory of 2672	1236	8aa2092567adaa4cddd0269dad56ed6d.exe	28
PID 1236 wrote to memory of 2672	1236	8aa2092567adaa4cddd0269dad56ed6d.exe	28

C:\Users\Admin\AppData\Local\Temp\8aa2092567adaa4cddd0269dad56ed6d.exe
"C:\Users\Admin\AppData\Local\Temp\8aa2092567adaa4cddd0269dad56ed6d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Users\Admin\AppData\Local\Temp\8aa2092567adaa4cddd0269dad56ed6d.exe
  C:\Users\Admin\AppData\Local\Temp\8aa2092567adaa4cddd0269dad56ed6d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8aa2092567adaa4cddd0269dad56ed6d.exe

Filesize
960KB

MD5
2cc67a21163cf7a68bc7d3879ed52770

SHA1
85618b5a08efcee8b6b69bb420d8a4b9219c73b8

SHA256
2428a657180ec22227cc362de9e711d19f5f120035028342b79ce94f4f22aeaa

SHA512
b7b8288d65ff7f714d3f566dfd72aa5f72d2e1c1b187d868dc1531442e824aaae029a8ae07fee71a2519f5757ab2afb708141d7787dcd6e311610293f25af45b

Download Submit
\Users\Admin\AppData\Local\Temp\8aa2092567adaa4cddd0269dad56ed6d.exe

Filesize
1.3MB

MD5
fce4f95796727b3be8fc8a7625ee472f

SHA1
0ed26b82d33f70f184f760247e0a39c5b9a3f8a6

SHA256
84414b93cf08271cfda161e131985e09c0a843dcbc80436d8e825cd9b688d1a2

SHA512
955bc5134eddda791123fa2405179d18630cf751c172662ca84e9823f819b1d89d6492608fcda92ac731e18d265a92d8f1ba04d07b3d15ca6a21311bccf9ebd3

Download Submit
memory/1236-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1236-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1236-3-0x0000000000240000-0x0000000000352000-memory.dmp

Filesize
1.1MB

Download
memory/1236-15-0x00000000034F0000-0x000000000395A000-memory.dmp

Filesize
4.4MB

Download
memory/1236-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1236-26-0x00000000034F0000-0x000000000395A000-memory.dmp

Filesize
4.4MB

Download
memory/2672-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2672-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2672-19-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2672-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download