c90339e46c15950381a1080bed1f750c76151b881e48563ca6302120f3460baf

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 02:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8df7b06a6a5b8db03047ec519a56bfe6.exe
Size

1.3MB
MD5

8df7b06a6a5b8db03047ec519a56bfe6
SHA1

06f5a69dfc8d409355c5ab41d508c6001985b7f3
SHA256

c90339e46c15950381a1080bed1f750c76151b881e48563ca6302120f3460baf
SHA512

195d8ba9d54f1a351ed1887ad028b2b9e85ba93768ab7af7a915b3f1ae0b6503277a8b9642b45698151e3653acdf1b2dfa9f5b2b466ee18428a9421139a7232a
SSDEEP

24576:O8jlSm+y139rqU59oHUm+apySSwbLbMaYxTm9TKKPpnDOwb7p5JJ84nyzwaUU9/t:VxSmlXHXoHaGySH0rxTuTKKPpDOQ5SbD

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2156	8df7b06a6a5b8db03047ec519a56bfe6.exe

Executes dropped EXE 1 IoCs

pid	Process
2156	8df7b06a6a5b8db03047ec519a56bfe6.exe

Loads dropped DLL 1 IoCs

pid	Process
1364	8df7b06a6a5b8db03047ec519a56bfe6.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1364-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0009000000015b6f-10.dat	upx
behavioral1/files/0x0009000000015b6f-12.dat	upx
behavioral1/files/0x0009000000015b6f-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1364	8df7b06a6a5b8db03047ec519a56bfe6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1364	8df7b06a6a5b8db03047ec519a56bfe6.exe
2156	8df7b06a6a5b8db03047ec519a56bfe6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2156	1364	8df7b06a6a5b8db03047ec519a56bfe6.exe	28
PID 1364 wrote to memory of 2156	1364	8df7b06a6a5b8db03047ec519a56bfe6.exe	28
PID 1364 wrote to memory of 2156	1364	8df7b06a6a5b8db03047ec519a56bfe6.exe	28
PID 1364 wrote to memory of 2156	1364	8df7b06a6a5b8db03047ec519a56bfe6.exe	28

C:\Users\Admin\AppData\Local\Temp\8df7b06a6a5b8db03047ec519a56bfe6.exe
"C:\Users\Admin\AppData\Local\Temp\8df7b06a6a5b8db03047ec519a56bfe6.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Users\Admin\AppData\Local\Temp\8df7b06a6a5b8db03047ec519a56bfe6.exe
  C:\Users\Admin\AppData\Local\Temp\8df7b06a6a5b8db03047ec519a56bfe6.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8df7b06a6a5b8db03047ec519a56bfe6.exe

Filesize
387KB

MD5
4148e6a2c59cbc33f3e9acbc196478a9

SHA1
996c9f0fe72b839134faa623de35b1b9ea081d02

SHA256
a3e71ce5b626dee346fe0f4f55c25bc2a57411f86fda9bf9d9aa4a24d0cb3dd0

SHA512
f11708f72ebbda7ea68b1757f1e2efbc8b7421b7111e2f0beb4c05ac2c7a1e3c4afff3bc111116b371d566e0caef3c10ae672c54be6406c1b69d4d7e47c97398

Download Submit
C:\Users\Admin\AppData\Local\Temp\8df7b06a6a5b8db03047ec519a56bfe6.exe

Filesize
702KB

MD5
253f7e2c9f2837b55d952aa68ab6d281

SHA1
842962958a75b48240d38ae7bfa5ec94d64c1f04

SHA256
e91ef8b5f3dbbb585d849f8566990da719ec194703e191bc1f6c826d395acb34

SHA512
cf03c49a3907f3c253ce59efb1a8d087fc2bf549b4e09095208fa22ada9db0f609c19ce47f93d9238af824dd5c11876dbbceab199f70b7de8e7778a8326ef597

Download Submit
\Users\Admin\AppData\Local\Temp\8df7b06a6a5b8db03047ec519a56bfe6.exe

Filesize
688KB

MD5
b062698e62dc05dbcc5f8ae2d98ec0f1

SHA1
4023c4bc32972068f12dfb07269b779ae985a2ed

SHA256
4b4618a7ee6b331214cd74273328e0cf4d7f4b2dfc91817665095c8ef5fbbe09

SHA512
c68f7b23b47f797a6d89c23d9122e186621eb882fcffbf338c3f695f99a3481f0e3c91823054d56b01ea1c90c2a04d17a7071d626182b48ba296927fa7e51e28

Download Submit
memory/1364-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1364-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1364-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1364-15-0x00000000035B0000-0x0000000003A97000-memory.dmp

Filesize
4.9MB

Download
memory/1364-1-0x0000000000270000-0x00000000003A1000-memory.dmp

Filesize
1.2MB

Download
memory/1364-32-0x00000000035B0000-0x0000000003A97000-memory.dmp

Filesize
4.9MB

Download
memory/2156-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2156-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2156-21-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2156-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2156-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2156-33-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download