2c4b9b8ce38571a0fc56a8787bcaf27c1bda386d0194a03179a75b05c540884b

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 03:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

886e88306e43da70c4b6e9f10afe08e4.exe
Size

2.9MB
MD5

886e88306e43da70c4b6e9f10afe08e4
SHA1

14301afadd4a4dabd77f0500cd809349c6877f10
SHA256

2c4b9b8ce38571a0fc56a8787bcaf27c1bda386d0194a03179a75b05c540884b
SHA512

62394d86aa937181050102e89724ecd3b6b1c5c70c19f1d96c5e27548341fb0a38ae437a97d72f15a8670d5b0833acf9e5fbafb3925884ed7c05dcb17198b868
SSDEEP

49152:f/gv/fEJdT0R0h7qN2vsWrK7aNrP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:f/iMf5qNLWrDgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2412	886e88306e43da70c4b6e9f10afe08e4.exe

Executes dropped EXE 1 IoCs

pid	Process
2412	886e88306e43da70c4b6e9f10afe08e4.exe

Loads dropped DLL 1 IoCs

pid	Process
1972	886e88306e43da70c4b6e9f10afe08e4.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1972-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001223b-10.dat	upx
behavioral1/files/0x000a00000001223b-12.dat	upx
behavioral1/files/0x000a00000001223b-15.dat	upx
behavioral1/memory/2412-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1972	886e88306e43da70c4b6e9f10afe08e4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1972	886e88306e43da70c4b6e9f10afe08e4.exe
2412	886e88306e43da70c4b6e9f10afe08e4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2412	1972	886e88306e43da70c4b6e9f10afe08e4.exe	28
PID 1972 wrote to memory of 2412	1972	886e88306e43da70c4b6e9f10afe08e4.exe	28
PID 1972 wrote to memory of 2412	1972	886e88306e43da70c4b6e9f10afe08e4.exe	28
PID 1972 wrote to memory of 2412	1972	886e88306e43da70c4b6e9f10afe08e4.exe	28

C:\Users\Admin\AppData\Local\Temp\886e88306e43da70c4b6e9f10afe08e4.exe
"C:\Users\Admin\AppData\Local\Temp\886e88306e43da70c4b6e9f10afe08e4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\886e88306e43da70c4b6e9f10afe08e4.exe
  C:\Users\Admin\AppData\Local\Temp\886e88306e43da70c4b6e9f10afe08e4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\886e88306e43da70c4b6e9f10afe08e4.exe

Filesize
1.0MB

MD5
0b35342d1aa921d583c68f34e07b31b1

SHA1
83855ef7d753ea5c0f7e4bbb1f3a8cd9f51dac33

SHA256
98e42f2ccae47edc8fa3c93342fd8c1919c0710feed79cbb4a86cc275ecff188

SHA512
ff626107fcab486e2af9136f7397d8f5fc7fbabfdffced98f193104bfd5ba17723b07d41f3296b66b0676964fcb0d748fc16b80783c288c1bb879460eb45f4ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\886e88306e43da70c4b6e9f10afe08e4.exe

Filesize
1.2MB

MD5
f2f1560670c94eb80a5fdd7e79c3c0ad

SHA1
dbe2567d40d30c6befdcca7da8a0079191c26c3d

SHA256
1dcd6ac5a7d3aa5608ffe239342de674e68a2d51ce83bbc0095eea9267203956

SHA512
8be8887918dc065722f89ce71733eb93f52899fcf4794747aa82afcc910a4c1404dd33eb89ce73afb79ef2d9100988a7893c3653a1ad2510e6bc40b3b0a4ebbe

Download Submit
\Users\Admin\AppData\Local\Temp\886e88306e43da70c4b6e9f10afe08e4.exe

Filesize
1016KB

MD5
a239f62d420b52685f2bd274488e39bc

SHA1
581fd23c3eab15ba148c426f20452fc35c6dbbec

SHA256
f05ed0544ed85bbb57da51d7e838ea634f7dfac0f36cc22bf156475417440c2c

SHA512
1d5420d3a2c09379132e63f3e52a1ff6f49b4c7f92cc666a6f378caeb2609421452ba5300ea100cfead1fd0f16ef84ab3bde3b3a15ac1f7182c98bf93df52297

Download Submit
memory/1972-14-0x00000000037D0000-0x0000000003CBF000-memory.dmp

Filesize
4.9MB

Download
memory/1972-4-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/1972-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1972-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-31-0x00000000037D0000-0x0000000003CBF000-memory.dmp

Filesize
4.9MB

Download
memory/2412-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2412-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2412-18-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2412-24-0x0000000003500000-0x000000000372A000-memory.dmp

Filesize
2.2MB

Download
memory/2412-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2412-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download