1cf6e2846db9b1a1954626e3dd04bb7788f5843c5c4cb45d619e80be7ed18080

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cfa9a6eeacd95084c96d1bcf12ceed1.exe
Size

2.7MB
MD5

8cfa9a6eeacd95084c96d1bcf12ceed1
SHA1

4e1f5b7ba3fa332c00103bab93640fd194857d41
SHA256

1cf6e2846db9b1a1954626e3dd04bb7788f5843c5c4cb45d619e80be7ed18080
SHA512

1c3c0c98e223eb979faf03ac553e6faec746bffea79e3c66fdf559df376097a2326d04587c9372bcb3ae1cdd8d6d531c60ede496958890216310dd299b77da73
SSDEEP

49152:vQfii6LXqDMldHs9xzIvwCsO7XygRhZ1Bonf:vM6TwMldHszzvqbyMhZ4f

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2128	8cfa9a6eeacd95084c96d1bcf12ceed1.exe

Executes dropped EXE 1 IoCs

pid	Process
2128	8cfa9a6eeacd95084c96d1bcf12ceed1.exe

Loads dropped DLL 1 IoCs

pid	Process
2848	8cfa9a6eeacd95084c96d1bcf12ceed1.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2848-1-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0008000000012233-11.dat	upx
behavioral1/files/0x0008000000012233-13.dat	upx
behavioral1/files/0x0008000000012233-14.dat	upx
behavioral1/memory/2128-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2848	8cfa9a6eeacd95084c96d1bcf12ceed1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2848	8cfa9a6eeacd95084c96d1bcf12ceed1.exe
2128	8cfa9a6eeacd95084c96d1bcf12ceed1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2128	2848	8cfa9a6eeacd95084c96d1bcf12ceed1.exe	28
PID 2848 wrote to memory of 2128	2848	8cfa9a6eeacd95084c96d1bcf12ceed1.exe	28
PID 2848 wrote to memory of 2128	2848	8cfa9a6eeacd95084c96d1bcf12ceed1.exe	28
PID 2848 wrote to memory of 2128	2848	8cfa9a6eeacd95084c96d1bcf12ceed1.exe	28

C:\Users\Admin\AppData\Local\Temp\8cfa9a6eeacd95084c96d1bcf12ceed1.exe
"C:\Users\Admin\AppData\Local\Temp\8cfa9a6eeacd95084c96d1bcf12ceed1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\8cfa9a6eeacd95084c96d1bcf12ceed1.exe
  C:\Users\Admin\AppData\Local\Temp\8cfa9a6eeacd95084c96d1bcf12ceed1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8cfa9a6eeacd95084c96d1bcf12ceed1.exe

Filesize
1.8MB

MD5
fd7e3d98476d82a15830dd36e1b0e220

SHA1
caf4f421d4663d72203a2b1b39ccf51af24b02e7

SHA256
65df58d93ccf3a07fb6d36df4c0120a38d1439e7149fddec4e5f605f15964d48

SHA512
b9eecfd9e9d5c74e22b4e881155b0dabad447f20345538f21bb08d23e1d44be341eb5091e7198e573be30efc3499ebbee7f4dbb30c164860984427f015d3605b

Download Submit
C:\Users\Admin\AppData\Local\Temp\8cfa9a6eeacd95084c96d1bcf12ceed1.exe

Filesize
2.7MB

MD5
9bafa969f26553a07e8ed8a15055474a

SHA1
20198840e866ad96f1465c22e0a1e4ee9a634f50

SHA256
4d14457961e5a8b6a8b77b8c13395546b7b2de8f6925c35de6890714a47a0e83

SHA512
32ef83a1de77e0be711ba29dc8537af44b681473d79ac56e159bfbbbb662946fe2ab93240bf42f89a115aae74e2902fd253c4710ab03815cf58adb89f1242bc3

Download Submit
\Users\Admin\AppData\Local\Temp\8cfa9a6eeacd95084c96d1bcf12ceed1.exe

Filesize
2.1MB

MD5
690ba7a586c93aba7ab875f3effcaf6a

SHA1
42ec6008e7bd3763f538a1bc097bff9b708cd213

SHA256
555db6d65c5567b9bb766c3424308e63d99da51115a3f5ff1aabe748ac1ddd3d

SHA512
fbcec68751f44974aaca621f94b028219495be59f9c4910cdeaa6d2805ac7a00734b2665adf28475c81710b589702c7f90c9d9268969684fff01c305162f6a27

Download Submit
memory/2128-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2128-19-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2128-18-0x0000000000270000-0x0000000000382000-memory.dmp

Filesize
1.1MB

Download
memory/2128-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2848-1-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2848-3-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2848-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2848-0-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2848-16-0x00000000036B0000-0x0000000003B1A000-memory.dmp

Filesize
4.4MB

Download
memory/2848-26-0x00000000036B0000-0x0000000003B1A000-memory.dmp

Filesize
4.4MB

Download