1bb6c9d0a75ccd8f221f4057b4e0e5802a6b6a2b65a5806b469d994721e76271

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 14:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8f669f44951cda6f63a2752b72eabb15.exe
Size

1.5MB
MD5

8f669f44951cda6f63a2752b72eabb15
SHA1

df2e7ef6b2d55e0b2eb4e566aa41023a45cf2411
SHA256

1bb6c9d0a75ccd8f221f4057b4e0e5802a6b6a2b65a5806b469d994721e76271
SHA512

edb5cf77817e96be67b6ddc7a08b1f78c486d1b17bce9b3b70f315373491bfefa27440d72e23ebaa147bda8ba018197b55624cfe18ee0673e135ed30405f86a9
SSDEEP

24576:lq4y9g6PGhFV5wZPNxYlPWD5qvyGNPSEEssp4mmmARJV3+YI1H4ipgMW:EgjtGZPEleD51uoXm82Jpg1H4m

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1996	8f669f44951cda6f63a2752b72eabb15.exe

Executes dropped EXE 1 IoCs

pid	Process
1996	8f669f44951cda6f63a2752b72eabb15.exe

Loads dropped DLL 1 IoCs

pid	Process
1972	8f669f44951cda6f63a2752b72eabb15.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1972-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012242-10.dat	upx
behavioral1/files/0x000c000000012242-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1972	8f669f44951cda6f63a2752b72eabb15.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1972	8f669f44951cda6f63a2752b72eabb15.exe
1996	8f669f44951cda6f63a2752b72eabb15.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1996	1972	8f669f44951cda6f63a2752b72eabb15.exe	28
PID 1972 wrote to memory of 1996	1972	8f669f44951cda6f63a2752b72eabb15.exe	28
PID 1972 wrote to memory of 1996	1972	8f669f44951cda6f63a2752b72eabb15.exe	28
PID 1972 wrote to memory of 1996	1972	8f669f44951cda6f63a2752b72eabb15.exe	28

C:\Users\Admin\AppData\Local\Temp\8f669f44951cda6f63a2752b72eabb15.exe
"C:\Users\Admin\AppData\Local\Temp\8f669f44951cda6f63a2752b72eabb15.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\8f669f44951cda6f63a2752b72eabb15.exe
  C:\Users\Admin\AppData\Local\Temp\8f669f44951cda6f63a2752b72eabb15.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8f669f44951cda6f63a2752b72eabb15.exe

Filesize
537KB

MD5
8c35a7247d8888779b469ff7c2a2d92b

SHA1
b536c98344ef077d8d758f18fc06745a8ff86846

SHA256
581154af1366dc94224899d2f4394ce03502f26e52db6274b5a7699d5fa9fd67

SHA512
8559893639205cbec5f7813d835ff520519f74041b148d276626eadeb17512fa85e64ed328e572288633140f463f1dd7fc9f71c0acfc6984a86e1fd35a68f711

Download Submit
\Users\Admin\AppData\Local\Temp\8f669f44951cda6f63a2752b72eabb15.exe

Filesize
833KB

MD5
51233bdd0cb0b9d5f34f8348f6703b05

SHA1
ad9c3c7c65f22b38176c7bd8977f930aec02c334

SHA256
e8668a4fc28e44bd83262e4920fc5ad789f811ceef7a3d1212533096bf968796

SHA512
0cec525688bd9db825bffc06a6b7eecafc1da95215c6b0a3af3e02a7877c69180ce0a4a80594a9fb4baf5f0516e953f1dadf2780126172549bcc150d31bc3ebe

Download Submit
memory/1972-2-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1972-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-14-0x0000000003670000-0x0000000003B5F000-memory.dmp

Filesize
4.9MB

Download
memory/1972-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1996-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1996-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1996-20-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/1996-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1996-26-0x00000000032D0000-0x00000000034FA000-memory.dmp

Filesize
2.2MB

Download
memory/1996-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download