903d5a14cff6031c29be5e4e4273afc59348601a94fc5a99caeefddf2ac34cbc

Analysis

max time kernel
122s
max time network
157s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f38c7fea478d2005453d4c271c3393f.exe
Size

5.8MB
MD5

8f38c7fea478d2005453d4c271c3393f
SHA1

a7caa3d697ebca46852f86896db4c11edc50841d
SHA256

903d5a14cff6031c29be5e4e4273afc59348601a94fc5a99caeefddf2ac34cbc
SHA512

453db1c8fc904f3217f25d93dfc4a5ea2e630cd431093542acc8f28eda0f91adcf753ca5a337fbf614af4c727cc7205889f4176929046e9bd7fc72a570996c7e
SSDEEP

98304:/zdmLfzu6ICHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:5mLLdDauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2836	8f38c7fea478d2005453d4c271c3393f.exe

Executes dropped EXE 1 IoCs

pid	Process
2836	8f38c7fea478d2005453d4c271c3393f.exe

Loads dropped DLL 1 IoCs

pid	Process
2784	8f38c7fea478d2005453d4c271c3393f.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2784-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012287-10.dat	upx
behavioral1/memory/2784-14-0x0000000003DD0000-0x00000000042BF000-memory.dmp	upx
behavioral1/memory/2836-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012287-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2784	8f38c7fea478d2005453d4c271c3393f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2784	8f38c7fea478d2005453d4c271c3393f.exe
2836	8f38c7fea478d2005453d4c271c3393f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2836	2784	8f38c7fea478d2005453d4c271c3393f.exe	27
PID 2784 wrote to memory of 2836	2784	8f38c7fea478d2005453d4c271c3393f.exe	27
PID 2784 wrote to memory of 2836	2784	8f38c7fea478d2005453d4c271c3393f.exe	27
PID 2784 wrote to memory of 2836	2784	8f38c7fea478d2005453d4c271c3393f.exe	27

C:\Users\Admin\AppData\Local\Temp\8f38c7fea478d2005453d4c271c3393f.exe
"C:\Users\Admin\AppData\Local\Temp\8f38c7fea478d2005453d4c271c3393f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Users\Admin\AppData\Local\Temp\8f38c7fea478d2005453d4c271c3393f.exe
  C:\Users\Admin\AppData\Local\Temp\8f38c7fea478d2005453d4c271c3393f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8f38c7fea478d2005453d4c271c3393f.exe

Filesize
704KB

MD5
3e88291824226818b00eed7ed47c5869

SHA1
9df1c3cd2a337d2abe646cddcc6d6c65d5e16afe

SHA256
2ccafc5ec598365885a65142bcc70dbd038dd52425a2ade7f889cbe3c80f4ee9

SHA512
e9aa13ad6dfca2202cf0b5824991008fab4a6795b138a85265ec2d003d8cf8f256e95763585409628ea790f699ac99c40a0afee7f744b887be15f6b11100bffd

Download Submit
\Users\Admin\AppData\Local\Temp\8f38c7fea478d2005453d4c271c3393f.exe

Filesize
1.5MB

MD5
01d6b3174ff9c8255ceb29efc8bd6ed4

SHA1
dab597edfec1c8189c7ef627a277af16bea7954a

SHA256
2aa0fe3a14bdbe76e6f1b86b6045db06e0ec069acab3e0570b37ac4efc04fcb4

SHA512
da0c67d08020f5df8f5a7214e5bea0f48661f21563bcdd2c3d79e091e92f338e4ea49a26eff54a5c3bb3613fa1d586591be6c245e322f4c3f95d0251f4944675

Download Submit
memory/2784-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2784-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2784-14-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2784-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2784-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2836-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2836-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2836-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2836-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2836-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2836-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download