2f68f263708fd010f33ae5f2cf04569b652ee8f9c94e580a3e96aef094e37e99

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fe290e18503dcdb7ebaedbae92075d3.exe
Size

2.9MB
MD5

8fe290e18503dcdb7ebaedbae92075d3
SHA1

7f2bba20aa5f6d3f3efed13069a91060853a20b9
SHA256

2f68f263708fd010f33ae5f2cf04569b652ee8f9c94e580a3e96aef094e37e99
SHA512

48f65935888c2583d27e0d4882addbbad8fe697c7be45891414c3b5d34b5ec12224e2c5403d8661b9cf0c4cf3682417c8c3e83159cadc62c8aff47315c477873
SSDEEP

49152:ZHNfs64iON9qdF0e0mXeYN74NH5HUyNRcUsCVOzetdZJ:ZHN062N9qImXeY4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3032	8fe290e18503dcdb7ebaedbae92075d3.exe

Executes dropped EXE 1 IoCs

pid	Process
3032	8fe290e18503dcdb7ebaedbae92075d3.exe

Loads dropped DLL 1 IoCs

pid	Process
2400	8fe290e18503dcdb7ebaedbae92075d3.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2400-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00080000000120f8-10.dat	upx
behavioral1/files/0x00080000000120f8-13.dat	upx
behavioral1/files/0x00080000000120f8-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2400	8fe290e18503dcdb7ebaedbae92075d3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2400	8fe290e18503dcdb7ebaedbae92075d3.exe
3032	8fe290e18503dcdb7ebaedbae92075d3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 3032	2400	8fe290e18503dcdb7ebaedbae92075d3.exe	28
PID 2400 wrote to memory of 3032	2400	8fe290e18503dcdb7ebaedbae92075d3.exe	28
PID 2400 wrote to memory of 3032	2400	8fe290e18503dcdb7ebaedbae92075d3.exe	28
PID 2400 wrote to memory of 3032	2400	8fe290e18503dcdb7ebaedbae92075d3.exe	28

C:\Users\Admin\AppData\Local\Temp\8fe290e18503dcdb7ebaedbae92075d3.exe
"C:\Users\Admin\AppData\Local\Temp\8fe290e18503dcdb7ebaedbae92075d3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Users\Admin\AppData\Local\Temp\8fe290e18503dcdb7ebaedbae92075d3.exe
  C:\Users\Admin\AppData\Local\Temp\8fe290e18503dcdb7ebaedbae92075d3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8fe290e18503dcdb7ebaedbae92075d3.exe

Filesize
1.2MB

MD5
0572869f8cc15798862c01fff968cadc

SHA1
78673d63bcae05a25c356b244eb427033754746d

SHA256
5b336981e431a10dfba0b5a29fb0edd5455857cf16a75ea005666c30374868af

SHA512
65476b760f77d41f1ceb186692762dfc9d5f726542f5982ec37e6b68a2c03d52c96fd2e56f7b80f61e0cfcf81d48a72030e4b775a822f79ce07451b7b1348644

Download Submit
C:\Users\Admin\AppData\Local\Temp\8fe290e18503dcdb7ebaedbae92075d3.exe

Filesize
704KB

MD5
4172187592b8edc5b1c4c1c08b4f7dee

SHA1
e9bd1c526a3f34cdf3820f3ed9b00ed6062ea7d6

SHA256
12a68d136350239cc68d2ce04c49d9d54d3c39c11291bfdb3912c7b95eeff836

SHA512
3799dbdb910984d4365c39746deebd2adeec0b783f403c6088f2975b629d51c77ad31faceab949fffe0c318aa654fb7df8b938455e93aa1000ccecdcdc488f5f

Download Submit
\Users\Admin\AppData\Local\Temp\8fe290e18503dcdb7ebaedbae92075d3.exe

Filesize
1.0MB

MD5
d8dc35c01435182f895f0f0f62c03d08

SHA1
5ebea06bf45c20b754571b611ca6b4988c40d6fe

SHA256
41c42a4f3ec895b2681066df084d9e54f3d5b49cb5b6bfe47de995fcdd795d2c

SHA512
1f745a58e8b2b7cd1408f17724073cc269f191be8101bf403cbd042ed3094bb9e9fa53cb26f0d31b66a0d420ac109793a41a49ce787b3e50a27fc4c8622498b5

Download Submit
memory/2400-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2400-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2400-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2400-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2400-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2400-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/3032-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3032-19-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/3032-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3032-25-0x0000000003510000-0x000000000373A000-memory.dmp

Filesize
2.2MB

Download
memory/3032-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3032-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download