7ff49b68e1ed52e0c3e88dd29ff97128d2fbbc4d0b6398e0f5b61a0362ebf179

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02-02-2024 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

88c1716fbd5de56d344547cc1a124ba9.exe
Size

5.3MB
MD5

88c1716fbd5de56d344547cc1a124ba9
SHA1

717a533b8b91d14ce5331a48dedb1dad597736e2
SHA256

7ff49b68e1ed52e0c3e88dd29ff97128d2fbbc4d0b6398e0f5b61a0362ebf179
SHA512

09622c18d6efd2d97162749208819626edf3f7c984a606544b997067ba4192a9875133f5223cb87a9dcf1ae6e79e282cb72a5c5b26b4492bf765f234980bd3ff
SSDEEP

98304:IJb+6uTMDKFkV3LH7d8JpmmV91oqzHvVGVf+jY/UvJQc4H7d8JpmmV91oqzHj:IJb+4bd8JYmhtPjs/UvJP4bd8JYmhtD

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1656	88c1716fbd5de56d344547cc1a124ba9.exe

Executes dropped EXE 1 IoCs

pid	Process
1656	88c1716fbd5de56d344547cc1a124ba9.exe

Loads dropped DLL 1 IoCs

pid	Process
2364	88c1716fbd5de56d344547cc1a124ba9.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012252-10.dat	upx
behavioral1/files/0x000b000000012252-15.dat	upx
behavioral1/memory/1656-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2364	88c1716fbd5de56d344547cc1a124ba9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2364	88c1716fbd5de56d344547cc1a124ba9.exe
1656	88c1716fbd5de56d344547cc1a124ba9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 1656	2364	88c1716fbd5de56d344547cc1a124ba9.exe	28
PID 2364 wrote to memory of 1656	2364	88c1716fbd5de56d344547cc1a124ba9.exe	28
PID 2364 wrote to memory of 1656	2364	88c1716fbd5de56d344547cc1a124ba9.exe	28
PID 2364 wrote to memory of 1656	2364	88c1716fbd5de56d344547cc1a124ba9.exe	28

C:\Users\Admin\AppData\Local\Temp\88c1716fbd5de56d344547cc1a124ba9.exe
"C:\Users\Admin\AppData\Local\Temp\88c1716fbd5de56d344547cc1a124ba9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\88c1716fbd5de56d344547cc1a124ba9.exe
  C:\Users\Admin\AppData\Local\Temp\88c1716fbd5de56d344547cc1a124ba9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\88c1716fbd5de56d344547cc1a124ba9.exe

Filesize
1.7MB

MD5
b81ead48692f3e7be464b12ab12242fb

SHA1
f45d28064f9f0ef708550c421029d3c2e2d4e75f

SHA256
4665cc27b089eceea220a632727e74ed6457811b32088717c7f4df5e283105c4

SHA512
455b4e5c24c20bf6b25e52e2da7c2e061584afc5d7bcc31b2f92b52630edbfa3e31af3592a8ca9eabb50115c1d41eb6eb96268bc15d0896af90155fe9bf91eff

Download Submit
\Users\Admin\AppData\Local\Temp\88c1716fbd5de56d344547cc1a124ba9.exe

Filesize
2.5MB

MD5
aee17e4918b4623446346eb51b9d95c0

SHA1
f2a702bc1a94467e698b9fe2252d27a20cbfc78a

SHA256
bdfb3c7f6b0dd24fd7a856e90e4c92eec2d0891d84d90a422f52a5573c47a630

SHA512
6a590605c8be32edd2234b7a22b9b24e761988e86a669c8143eaf8d93d035ec97aefe0ba88248bb2a53f4a652f154f4c639c960aa7269c5b756df65b17749e9d

Download Submit
memory/1656-19-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1656-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1656-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1656-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1656-25-0x0000000003550000-0x0000000003772000-memory.dmp

Filesize
2.1MB

Download
memory/1656-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2364-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2364-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2364-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2364-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2364-14-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download