2544a35b456ff9170c071e60c1ac312bf0494052067c66e58740dd3cddd5367f

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b93a86de4eefdd1a7812ad6ed5064e4.exe
Size

2.7MB
MD5

8b93a86de4eefdd1a7812ad6ed5064e4
SHA1

c625890a35854e0d66e0310a28936f84f67e6619
SHA256

2544a35b456ff9170c071e60c1ac312bf0494052067c66e58740dd3cddd5367f
SHA512

dc0272d9692074977af693eb53a9898fd2757c9fd44181997793e52e6b4ef7229dbda80790be019d4bd3ed1ca4eb7940c8872101e3e5e567ad8cb6e65e545513
SSDEEP

49152:7CFCHlM49nyy49gl1jMnKQPi1d1R9TJdlB4011X3rTEK4lhVMqJtKZJhJX9HR9j:7CwHlM41yyUgCIb1HTJdzz1HrYK4nm6c

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2296	8b93a86de4eefdd1a7812ad6ed5064e4.exe

Executes dropped EXE 1 IoCs

pid	Process
2296	8b93a86de4eefdd1a7812ad6ed5064e4.exe

Loads dropped DLL 1 IoCs

pid	Process
2668	8b93a86de4eefdd1a7812ad6ed5064e4.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2668-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c000000014122-10.dat	upx
behavioral1/files/0x000c000000014122-13.dat	upx
behavioral1/memory/2296-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2668	8b93a86de4eefdd1a7812ad6ed5064e4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2668	8b93a86de4eefdd1a7812ad6ed5064e4.exe
2296	8b93a86de4eefdd1a7812ad6ed5064e4.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2296	2668	8b93a86de4eefdd1a7812ad6ed5064e4.exe	28
PID 2668 wrote to memory of 2296	2668	8b93a86de4eefdd1a7812ad6ed5064e4.exe	28
PID 2668 wrote to memory of 2296	2668	8b93a86de4eefdd1a7812ad6ed5064e4.exe	28
PID 2668 wrote to memory of 2296	2668	8b93a86de4eefdd1a7812ad6ed5064e4.exe	28

C:\Users\Admin\AppData\Local\Temp\8b93a86de4eefdd1a7812ad6ed5064e4.exe
"C:\Users\Admin\AppData\Local\Temp\8b93a86de4eefdd1a7812ad6ed5064e4.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Users\Admin\AppData\Local\Temp\8b93a86de4eefdd1a7812ad6ed5064e4.exe
  C:\Users\Admin\AppData\Local\Temp\8b93a86de4eefdd1a7812ad6ed5064e4.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8b93a86de4eefdd1a7812ad6ed5064e4.exe

Filesize
2.6MB

MD5
aae5c8e0e908d4dc233f7e9cd0ea2564

SHA1
a23a42c1a7eba54613c1831b4bfed9b16387ae3d

SHA256
8f40d5ff4aa0221c2f3818d6acf622babab3e3686ae9756bee98ab3ccb8c45e4

SHA512
96167f6304d0fe9e6ef6a59c3975dc17e8624ef1dd05df86a26b4c0da6dbe0ead9c79909efaf1f40fd61f842f4a496dad03d71b9eda3a683382c5553ec68debe

Download Submit
\Users\Admin\AppData\Local\Temp\8b93a86de4eefdd1a7812ad6ed5064e4.exe

Filesize
2.0MB

MD5
9abc15110732ac20f21e6da1053ad5e2

SHA1
e511e0d07e92804751149fd797c6a7782e87a9fb

SHA256
66cf65fbc3f15209dc4dde79859476f1ac6cb2d5267aa0fe9c0b68ec42905f0a

SHA512
84618b0c1d12b70c21cfc8ad378381c8620055072e25b0662942123a22be7baf0456283f327a443350ffe5fdbcbbc2e78647de6437dea42d8a67dffac56f64e0

Download Submit
memory/2296-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2296-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2296-17-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2296-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2296-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2296-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2668-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2668-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2668-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2668-15-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2668-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download