67894dc1d42c272efc1eb09d9c79c5b9484406cd0c315f86c312f9d7f5a70209

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8eafefc41213583bd9e3a3b67615396f.exe
Size

1.3MB
MD5

8eafefc41213583bd9e3a3b67615396f
SHA1

517ad74319edfb9b9b04f3386990f88cd488ea6e
SHA256

67894dc1d42c272efc1eb09d9c79c5b9484406cd0c315f86c312f9d7f5a70209
SHA512

b199012bc3a80651425746a5aa0bbb1df8b1a792f9e43060f78ade467f7d018ba4429f3656a14cb995f1e413eae263477c03a941076e20f22941a7645caf4eba
SSDEEP

24576:TxxoGEzRjGLmib0tzd9ZdrYEfjr72QydIy9L8upUMq9iZoRxnx2BTFd/WO:TwGEzRqL1bGTdlff72QCIyZ8DX9iGRnU

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2420	8eafefc41213583bd9e3a3b67615396f.exe

Executes dropped EXE 1 IoCs

pid	Process
2420	8eafefc41213583bd9e3a3b67615396f.exe

Loads dropped DLL 1 IoCs

pid	Process
2188	8eafefc41213583bd9e3a3b67615396f.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2188-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000122d5-12.dat	upx
behavioral1/files/0x000c0000000122d5-10.dat	upx
behavioral1/memory/2420-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c0000000122d5-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2188	8eafefc41213583bd9e3a3b67615396f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2188	8eafefc41213583bd9e3a3b67615396f.exe
2420	8eafefc41213583bd9e3a3b67615396f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2420	2188	8eafefc41213583bd9e3a3b67615396f.exe	28
PID 2188 wrote to memory of 2420	2188	8eafefc41213583bd9e3a3b67615396f.exe	28
PID 2188 wrote to memory of 2420	2188	8eafefc41213583bd9e3a3b67615396f.exe	28
PID 2188 wrote to memory of 2420	2188	8eafefc41213583bd9e3a3b67615396f.exe	28

C:\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe
"C:\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe
  C:\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe

Filesize
146KB

MD5
f105e5aa1c71a000e319381c58311065

SHA1
47f2657d3da349c2605745aa7a3e9769ab3c52be

SHA256
4288b90ea3efb9cd5db4517a09532482f87adbf871ccc0c6cdec7138e9ff5e30

SHA512
af6d687b473315d39fb216982528bdac22d510048a24e3d4d090e96eafbaacf3cfbd780dfcb1e23322ff9646143c6073a80f232b7d3dd430090ab9cacfe28117

Download Submit
C:\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe

Filesize
711KB

MD5
10432bd8011a0584223377f30ff82898

SHA1
167b1f156f7c380b6d21e43b43c4bcaa578be461

SHA256
5f771ebf3c701e4728dd381bc09bc07ea973243b8e5dce7d9c124f61d45d6e32

SHA512
a79c8020970340e8ff7b0d67eafe080c8b21ec82ae2ee9885882f5e9d37cf7d5dd372dbf5789bc6f9e785e802780bc7c094fe7bce7d4e70eebaf4411f4d57c94

Download Submit
\Users\Admin\AppData\Local\Temp\8eafefc41213583bd9e3a3b67615396f.exe

Filesize
155KB

MD5
f081c3d7ee6273e55ab1a4e3007bce90

SHA1
afde5765926c2e8484723133db42bd032fac6a10

SHA256
e240af5a65c9239197bb19e2fc852ad362ad3786b3090a45bf7c1b57199652a4

SHA512
a4d0200c82d242fd0e2c4462a746e507bb53ceb841f4f682531b1568ac6687cddaf4c70088b51e7875016c7508c346b6419d22072385108e22879b2094156d59

Download Submit
memory/2188-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2188-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2188-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2188-15-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/2188-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2420-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2420-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2420-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2420-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2420-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2420-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download