dcc19462ce8f385268a5a3dc174eac9c1624a9ab41caa0513558e32766022eed

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 09:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c05a2c4067fec3227d64ecccc47a830.exe
Size

1.5MB
MD5

8c05a2c4067fec3227d64ecccc47a830
SHA1

576c653f5e83a49de5e3badeac053d64ec03b63a
SHA256

dcc19462ce8f385268a5a3dc174eac9c1624a9ab41caa0513558e32766022eed
SHA512

b1d7adfb2cb641f422b01387de88beb220233e37461eaf3e48a864fe000443e950c6497bcfb869371526195acec7157f37e01e12f40c357b7d646df1791244a1
SSDEEP

24576:BnTvD2QNT5hu/JFKlQ0sP6HPgjt1ap0sVh/A/JQbSW:BTvTNTK7KO0O6v8tQprho/JqS

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2284	8c05a2c4067fec3227d64ecccc47a830.exe

Executes dropped EXE 1 IoCs

pid	Process
2284	8c05a2c4067fec3227d64ecccc47a830.exe

Loads dropped DLL 1 IoCs

pid	Process
3020	8c05a2c4067fec3227d64ecccc47a830.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3020-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b00000001224d-13.dat	upx
behavioral1/files/0x000b00000001224d-12.dat	upx
behavioral1/files/0x000b00000001224d-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3020	8c05a2c4067fec3227d64ecccc47a830.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3020	8c05a2c4067fec3227d64ecccc47a830.exe
2284	8c05a2c4067fec3227d64ecccc47a830.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2284	3020	8c05a2c4067fec3227d64ecccc47a830.exe	28
PID 3020 wrote to memory of 2284	3020	8c05a2c4067fec3227d64ecccc47a830.exe	28
PID 3020 wrote to memory of 2284	3020	8c05a2c4067fec3227d64ecccc47a830.exe	28
PID 3020 wrote to memory of 2284	3020	8c05a2c4067fec3227d64ecccc47a830.exe	28

C:\Users\Admin\AppData\Local\Temp\8c05a2c4067fec3227d64ecccc47a830.exe
"C:\Users\Admin\AppData\Local\Temp\8c05a2c4067fec3227d64ecccc47a830.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Users\Admin\AppData\Local\Temp\8c05a2c4067fec3227d64ecccc47a830.exe
  C:\Users\Admin\AppData\Local\Temp\8c05a2c4067fec3227d64ecccc47a830.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8c05a2c4067fec3227d64ecccc47a830.exe

Filesize
291KB

MD5
1b4f7b3dcba79bcd90e44e1db4166c63

SHA1
40c739fc7cbd4206d45dd75e005636338517b84d

SHA256
a2fc5ecde1efe349c5713916d8fa60c8701cd59a897903c5acab942951ca8886

SHA512
3676788820a894f184d69284f6d490f3179e28a006577a43c69ede2d9a69f75a63f1a3a70046717e0e07c1b72e21eae931bd12bde30825807efe2f09e0284eab

Download Submit
C:\Users\Admin\AppData\Local\Temp\8c05a2c4067fec3227d64ecccc47a830.exe

Filesize
384KB

MD5
835e25aeda304ae441bf31c7f1638e84

SHA1
87bd2cfe2b4d3df75e70f37551e081dccb348d51

SHA256
8e9872faad94c59bb0530d3b014da1358881a50809584eea5973e8c8652a9390

SHA512
4dea94b538f450d5041285f6b37d2506bb699e4f1e69fd8376ba8b3e23e8242bf1741796ebda5cc14c07fe67c351050f53fad9ec021fe54abd1394b3ae2b028e

Download Submit
\Users\Admin\AppData\Local\Temp\8c05a2c4067fec3227d64ecccc47a830.exe

Filesize
252KB

MD5
45d4d347a7148f8b8afdd9010961002c

SHA1
50fd6312cca757adabf7811dfc358dd020804dea

SHA256
33ec219b01ab756c5a11c67488285c1ce8706f8c4152e069f8549f0c83975961

SHA512
e3946ec4c77c72e0b567738818e2850a065fb2fd06d1c5999e210a6e16943b1404cdd2ab107f2a2322a029d194f66b1af2ad4c23d4779ed375f02459f38f2160

Download Submit
memory/2284-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2284-16-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2284-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2284-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2284-24-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2284-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3020-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3020-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3020-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3020-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download