ef5a1fb1b7ebc7a9c65d2f9593d52e369c8f3d59fa5b48eb9b5d31ded5e49c42

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 07:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bc389d06c2cf35b673dac3c1edf08c7.exe
Size

5.8MB
MD5

8bc389d06c2cf35b673dac3c1edf08c7
SHA1

1c264ebd376244eea084727f71fd4c79a48815ab
SHA256

ef5a1fb1b7ebc7a9c65d2f9593d52e369c8f3d59fa5b48eb9b5d31ded5e49c42
SHA512

e9a152043d4de53a636fe8424f0635f320a2cf3ea29a7854ed0509b41e8654ce613ee5b21d11e77c2d9d3dfa2edb85dd477b7b008fdc4822a909504fcb685f5f
SSDEEP

98304:TQKBj7xylOV6F9nrHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:cKBjklOV897auq1jI86FA7y2auq1jI86

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3052	8bc389d06c2cf35b673dac3c1edf08c7.exe

Executes dropped EXE 1 IoCs

pid	Process
3052	8bc389d06c2cf35b673dac3c1edf08c7.exe

Loads dropped DLL 1 IoCs

pid	Process
2760	8bc389d06c2cf35b673dac3c1edf08c7.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2760-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000013a1a-10.dat	upx
behavioral1/files/0x000a000000013a1a-13.dat	upx
behavioral1/memory/3052-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2760	8bc389d06c2cf35b673dac3c1edf08c7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2760	8bc389d06c2cf35b673dac3c1edf08c7.exe
3052	8bc389d06c2cf35b673dac3c1edf08c7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 3052	2760	8bc389d06c2cf35b673dac3c1edf08c7.exe	28
PID 2760 wrote to memory of 3052	2760	8bc389d06c2cf35b673dac3c1edf08c7.exe	28
PID 2760 wrote to memory of 3052	2760	8bc389d06c2cf35b673dac3c1edf08c7.exe	28
PID 2760 wrote to memory of 3052	2760	8bc389d06c2cf35b673dac3c1edf08c7.exe	28

C:\Users\Admin\AppData\Local\Temp\8bc389d06c2cf35b673dac3c1edf08c7.exe
"C:\Users\Admin\AppData\Local\Temp\8bc389d06c2cf35b673dac3c1edf08c7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Users\Admin\AppData\Local\Temp\8bc389d06c2cf35b673dac3c1edf08c7.exe
  C:\Users\Admin\AppData\Local\Temp\8bc389d06c2cf35b673dac3c1edf08c7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8bc389d06c2cf35b673dac3c1edf08c7.exe

Filesize
84KB

MD5
cbb0dc29d11ec92d45823ba047f282ae

SHA1
b878d30789cf126432230fc4c45c6ff338c07876

SHA256
68cfdab4938e6f9f56b4a9f1f06e8bbfb120a3ad5b1771e0a8e018b6c497858b

SHA512
be883872aaab3793b9e78c22fbbc5d15c868c68e85e0117f12f12beb0a6fc138b7ff9f0e4542c6dbd2049580c0736a090c69465e1e7e6e049c1da5b42a0380af

Download Submit
\Users\Admin\AppData\Local\Temp\8bc389d06c2cf35b673dac3c1edf08c7.exe

Filesize
194KB

MD5
5c4f59c8e0de253a0ad5730fdf25d0c4

SHA1
b16d387ef145d9a0f869e58c18c6e923dc5fcb1d

SHA256
e69ccae9e490bca3e32f055e40c1cc3bff99953012d92ae708c03e8ff16ec68e

SHA512
06daa21433389201d33e0273a511c1635e5c9a4613693afb294ebc658da6c243c240f4078d977e1c16783ccc92c2d7a6a2eebc30fef955dbe1899b1936fd1fc2

Download Submit
memory/2760-15-0x0000000003F40000-0x000000000442F000-memory.dmp

Filesize
4.9MB

Download
memory/2760-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2760-1-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2760-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2760-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2760-31-0x0000000003F40000-0x000000000442F000-memory.dmp

Filesize
4.9MB

Download
memory/3052-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3052-19-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/3052-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3052-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3052-26-0x0000000003500000-0x000000000372A000-memory.dmp

Filesize
2.2MB

Download
memory/3052-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download