116c0dc015c49f08652117192a1cad1b508c5fbe786bf912ebd575deaaaa27e2

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fa0bd538f66f8892f769a6d35d7e856.exe
Size

2.9MB
MD5

8fa0bd538f66f8892f769a6d35d7e856
SHA1

e9dec00d893f427977eca2c5fe1590e43ff01dde
SHA256

116c0dc015c49f08652117192a1cad1b508c5fbe786bf912ebd575deaaaa27e2
SHA512

2f1b470935ab83124f4bf74ec717bc83841ce2dfeb2cbd84a213a74020ae059548fa7d8b92d3b80c220ecd1428019aa9b100f16f79f017530f85cebefc808c91
SSDEEP

49152:lqQ+qR05iK0DtYJpAF2LiQZMFeMaP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:lgBsKo+pAQLDLjgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2332	8fa0bd538f66f8892f769a6d35d7e856.exe

Executes dropped EXE 1 IoCs

pid	Process
2332	8fa0bd538f66f8892f769a6d35d7e856.exe

Loads dropped DLL 1 IoCs

pid	Process
1972	8fa0bd538f66f8892f769a6d35d7e856.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1972-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001223b-13.dat	upx
behavioral1/memory/2332-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001223b-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1972	8fa0bd538f66f8892f769a6d35d7e856.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1972	8fa0bd538f66f8892f769a6d35d7e856.exe
2332	8fa0bd538f66f8892f769a6d35d7e856.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2332	1972	8fa0bd538f66f8892f769a6d35d7e856.exe	19
PID 1972 wrote to memory of 2332	1972	8fa0bd538f66f8892f769a6d35d7e856.exe	19
PID 1972 wrote to memory of 2332	1972	8fa0bd538f66f8892f769a6d35d7e856.exe	19
PID 1972 wrote to memory of 2332	1972	8fa0bd538f66f8892f769a6d35d7e856.exe	19

C:\Users\Admin\AppData\Local\Temp\8fa0bd538f66f8892f769a6d35d7e856.exe
"C:\Users\Admin\AppData\Local\Temp\8fa0bd538f66f8892f769a6d35d7e856.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\8fa0bd538f66f8892f769a6d35d7e856.exe
  C:\Users\Admin\AppData\Local\Temp\8fa0bd538f66f8892f769a6d35d7e856.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8fa0bd538f66f8892f769a6d35d7e856.exe

Filesize
103KB

MD5
dcc71c4b139b7ae1fb795d7a792e2645

SHA1
1febb2784d18da6a389a113f7c35bb0979255b5d

SHA256
ce14127613d5f5d4b27d1ab4fe3bd2baa890957dfff3d7b31fc2a5d6d1124a49

SHA512
6fbdfe46da7d8191cd8fc2c050a825fc9fdc21593cb4b20f3de0f22e833ff88aaaef21e0f8db967d8b886332adf9843dcfaba8827e1bd5b0eef66e754026aab6

Download Submit
\Users\Admin\AppData\Local\Temp\8fa0bd538f66f8892f769a6d35d7e856.exe

Filesize
130KB

MD5
59a3ba9bbbcac935fbddc74684e21c93

SHA1
187c57605573aa35c57e2d0e1556bbec6145aa2b

SHA256
341188eacc025781f5505bf48ddaaa9665ebe282fcc125abe92aa2e6be9fbff2

SHA512
be02e2d7fb17584ca5297985c21547f4dae61a1c10e7281e946099e799342332b790beb162fd3c1edc0ecabb8817bc599f234016986a1f1f868989bac1f63c51

Download Submit
memory/1972-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1972-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1972-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/1972-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2332-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2332-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2332-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2332-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download