7eb3424fbd9348ec49ba754b03f1c3810bd2f5b39c047646d161747be48023d3

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e2ec988a4f680a246db7f28aa50dddf.exe
Size

1.5MB
MD5

8e2ec988a4f680a246db7f28aa50dddf
SHA1

25a41b951ff5f6752952c3ea5e721ea6fae0b119
SHA256

7eb3424fbd9348ec49ba754b03f1c3810bd2f5b39c047646d161747be48023d3
SHA512

d8f70af906bdc0a5fcc0d25eb2238a8bae56391c1a5a19b05a68ab40d869cc48b1f04c295a6843615e49b70610aab38994b791f9440290b1e63d382da875acac
SSDEEP

24576:YxpUW1KxrEF8QwEqKl0rYZ5MYbUVJtgXNpN67Sw0G+wcextGpPkXWW:YxWW1KxAFtsKWrYZ5FbLs77hc9oW

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2352	8e2ec988a4f680a246db7f28aa50dddf.exe

Executes dropped EXE 1 IoCs

pid	Process
2352	8e2ec988a4f680a246db7f28aa50dddf.exe

Loads dropped DLL 1 IoCs

pid	Process
1984	8e2ec988a4f680a246db7f28aa50dddf.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1984-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00050000000120fb-10.dat	upx
behavioral1/memory/1984-15-0x0000000003510000-0x00000000039FF000-memory.dmp	upx
behavioral1/memory/2352-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00050000000120fb-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1984	8e2ec988a4f680a246db7f28aa50dddf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1984	8e2ec988a4f680a246db7f28aa50dddf.exe
2352	8e2ec988a4f680a246db7f28aa50dddf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2352	1984	8e2ec988a4f680a246db7f28aa50dddf.exe	28
PID 1984 wrote to memory of 2352	1984	8e2ec988a4f680a246db7f28aa50dddf.exe	28
PID 1984 wrote to memory of 2352	1984	8e2ec988a4f680a246db7f28aa50dddf.exe	28
PID 1984 wrote to memory of 2352	1984	8e2ec988a4f680a246db7f28aa50dddf.exe	28

C:\Users\Admin\AppData\Local\Temp\8e2ec988a4f680a246db7f28aa50dddf.exe
"C:\Users\Admin\AppData\Local\Temp\8e2ec988a4f680a246db7f28aa50dddf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Users\Admin\AppData\Local\Temp\8e2ec988a4f680a246db7f28aa50dddf.exe
  C:\Users\Admin\AppData\Local\Temp\8e2ec988a4f680a246db7f28aa50dddf.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8e2ec988a4f680a246db7f28aa50dddf.exe

Filesize
1.5MB

MD5
17812afc305b00ab2ad832f643ac1dd1

SHA1
85339a42adbd1f842a5e2c3af358655085da39da

SHA256
37642f79556fa99ac1c775887b6f015b648132906a49ef924776bbbd95443f9f

SHA512
a8fd60d83780a4c87cd807cfb53b556f81bdaca66b1c793e7778ede4c67e2aa3ddd04d0bb71ba4e2ee4e6cb1a6486863a41f133c0814d6de8553fccdfcb1e577

Download Submit
\Users\Admin\AppData\Local\Temp\8e2ec988a4f680a246db7f28aa50dddf.exe

Filesize
256KB

MD5
46f4e7868d68cafc9e77d52b7fe114cc

SHA1
20d20d697d175b66721157650e29b4e21dd84535

SHA256
ef3cb675c453c17d76e07252ba728651d37041a613ebb69d312b6ea2953c4007

SHA512
ceb5bf2317d75cccc2f44a4d532c76f65ee579f7539c4288613a00db7a1bbe729dade0555f791be5a49c30b0d1a760185c25eecad01d41341e876e865f1cbb86

Download Submit
memory/1984-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1984-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1984-15-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/1984-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1984-1-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1984-31-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2352-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2352-18-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2352-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2352-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2352-24-0x00000000034C0000-0x00000000036EA000-memory.dmp

Filesize
2.2MB

Download
memory/2352-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download