a5101ce46691c0d1347529ff011817196a1caa5bd59fff6a3be73873c8c5d609

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 04:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

888be668895c287f203dbe978e3af7c8.exe
Size

2.7MB
MD5

888be668895c287f203dbe978e3af7c8
SHA1

24f191a0d6d0d5136cd9db8719d8bd8faac3a313
SHA256

a5101ce46691c0d1347529ff011817196a1caa5bd59fff6a3be73873c8c5d609
SHA512

9c333420e396d4a3b3b7750986ea83fb03d8155003f35095628504bf76cb802170483bd2d8fce660a1115fbaa70cde413960d5ca5be71b15b7342b98069134ea
SSDEEP

49152:iUsRxWMXfkJpsNl4vDdtcR9ktBc1+Q4YdxSChG38bDUggR9t:iUuPXKpMlKkHktBcwQDM2YIDULHt

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2664	888be668895c287f203dbe978e3af7c8.exe

Executes dropped EXE 1 IoCs

pid	Process
2664	888be668895c287f203dbe978e3af7c8.exe

Loads dropped DLL 1 IoCs

pid	Process
1984	888be668895c287f203dbe978e3af7c8.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1984-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012247-13.dat	upx
behavioral1/files/0x000a000000012247-12.dat	upx
behavioral1/memory/2664-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1984	888be668895c287f203dbe978e3af7c8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1984	888be668895c287f203dbe978e3af7c8.exe
2664	888be668895c287f203dbe978e3af7c8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2664	1984	888be668895c287f203dbe978e3af7c8.exe	28
PID 1984 wrote to memory of 2664	1984	888be668895c287f203dbe978e3af7c8.exe	28
PID 1984 wrote to memory of 2664	1984	888be668895c287f203dbe978e3af7c8.exe	28
PID 1984 wrote to memory of 2664	1984	888be668895c287f203dbe978e3af7c8.exe	28

C:\Users\Admin\AppData\Local\Temp\888be668895c287f203dbe978e3af7c8.exe
"C:\Users\Admin\AppData\Local\Temp\888be668895c287f203dbe978e3af7c8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Users\Admin\AppData\Local\Temp\888be668895c287f203dbe978e3af7c8.exe
  C:\Users\Admin\AppData\Local\Temp\888be668895c287f203dbe978e3af7c8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\888be668895c287f203dbe978e3af7c8.exe

Filesize
2.7MB

MD5
35483b3fc5b90032549684544402df34

SHA1
e04508d1a8fcd3975dd179fe56e8cbc365501d76

SHA256
eb126d6f53dc804fe89463c7dd0d7b7698db308a02b370368dc174d74c02b98a

SHA512
7fdfb896bf080d0928ea77137ff7f93261dc9ae1725e3f150c40071822e3c86194beb1bc84751d333cf85d25b931f8831438e9ef9e95abc184dbee4a04e912ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\888be668895c287f203dbe978e3af7c8.exe

Filesize
1.8MB

MD5
9cdebb26c48f690e3ae9a17b33942265

SHA1
677a2504e709744347e81016b11aad1405f25539

SHA256
8387206689923cbe589e12e90bff9a124388766d558f564fb361d47ead7cb93c

SHA512
d9fdd66fbd38eb16f9025e440da794b4c9ad6460ae4bdb2ac57dcea3a8aaaa28c4f946bc760d3366fd94ef830a358c7c5dd52d3928fcd3c0bcc1cdf05c0ff323

Download Submit
memory/1984-14-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/1984-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1984-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1984-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1984-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2664-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2664-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2664-17-0x0000000000270000-0x00000000003A1000-memory.dmp

Filesize
1.2MB

Download
memory/2664-24-0x00000000034E0000-0x0000000003702000-memory.dmp

Filesize
2.1MB

Download
memory/2664-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2664-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download