f15988bec43a01aaf78bbf171a2c5461116c9860f900b36e7d1d2aae78750d7d

Analysis

max time kernel
121s
max time network
171s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 15:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bc1c168cd1aff80c2c2d6214d3824501.exe
Size

2.9MB
MD5

bc1c168cd1aff80c2c2d6214d3824501
SHA1

ce6a21b8ef2d044200e851286fe63d8daa669b58
SHA256

f15988bec43a01aaf78bbf171a2c5461116c9860f900b36e7d1d2aae78750d7d
SHA512

df7e5b861e94b5ece62f13a290262b0ad8c101e7801f145bc3c765194eab4e24d6855e558ee2cae2c3da7f6558ea1b1430d36c46e06bac9fb6906a3c61d42d22
SSDEEP

49152:Y826Ag/rUV1hjbU2+xWhK2279Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:c6xWhjbsGU7Hau42c1joCjMPkNwk6

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3008	bc1c168cd1aff80c2c2d6214d3824501.exe

Executes dropped EXE 1 IoCs

pid	Process
3008	bc1c168cd1aff80c2c2d6214d3824501.exe

Loads dropped DLL 1 IoCs

pid	Process
2588	bc1c168cd1aff80c2c2d6214d3824501.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2588-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012265-12.dat	upx
behavioral1/files/0x0008000000012265-10.dat	upx
behavioral1/files/0x0008000000012265-14.dat	upx
behavioral1/memory/3008-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2588	bc1c168cd1aff80c2c2d6214d3824501.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2588	bc1c168cd1aff80c2c2d6214d3824501.exe
3008	bc1c168cd1aff80c2c2d6214d3824501.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2588 wrote to memory of 3008	2588	bc1c168cd1aff80c2c2d6214d3824501.exe	28
PID 2588 wrote to memory of 3008	2588	bc1c168cd1aff80c2c2d6214d3824501.exe	28
PID 2588 wrote to memory of 3008	2588	bc1c168cd1aff80c2c2d6214d3824501.exe	28
PID 2588 wrote to memory of 3008	2588	bc1c168cd1aff80c2c2d6214d3824501.exe	28

C:\Users\Admin\AppData\Local\Temp\bc1c168cd1aff80c2c2d6214d3824501.exe
"C:\Users\Admin\AppData\Local\Temp\bc1c168cd1aff80c2c2d6214d3824501.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Users\Admin\AppData\Local\Temp\bc1c168cd1aff80c2c2d6214d3824501.exe
  C:\Users\Admin\AppData\Local\Temp\bc1c168cd1aff80c2c2d6214d3824501.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bc1c168cd1aff80c2c2d6214d3824501.exe

Filesize
1.4MB

MD5
8318dfc61072dc30c0e838b06eb11ffb

SHA1
9a4eece2cada31896ffb39b154282b079da0849f

SHA256
d66ef6d1053b3db2efc5575bc728ed6f1bbadff5c739fc1ab1e371c715a6476c

SHA512
df747d6345c866809f89bd26a9e06a0c9f5b162a20bf4d6edefa5610cdf8ffd462de59760364756fe939a4fb1570616fb7441182f18503861f67651360ff48cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\bc1c168cd1aff80c2c2d6214d3824501.exe

Filesize
2.9MB

MD5
05f79a392f6c2487ce8df79b7219b13b

SHA1
704c8621eea04a87b75a505a2eff7e03028deaf6

SHA256
84a960faa234adb03ec4962c3e1e98745c3a9910a2e48d289496aff53146812f

SHA512
21573875c7dc6690f987207a0bfde2b2fc9527db8013fd140b299634dbfd45e6751b428dc8c058e507d2c959aabdf05081a432f191705e1c2da24b1d1a5bc3bb

Download Submit
\Users\Admin\AppData\Local\Temp\bc1c168cd1aff80c2c2d6214d3824501.exe

Filesize
2.5MB

MD5
1437e2cc5b88ce30240fe418c3dfa83d

SHA1
c40960fa2a678374a65fee4f817177f3dab74d7c

SHA256
d9518c7b06faa8eb50efa70fe8ad7339ad9cd9c5397143b2e760d5d257cd7372

SHA512
e2249f4c828926e66df3acef6f4c78d542ac37ab5ef8beebd00b06515c814f656179afea9d01e75bf91ba46b2af1875d7a6d5ff9fad2ea0898e813b60d3c322f

Download Submit
memory/2588-15-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2588-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2588-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2588-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2588-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2588-31-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/3008-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3008-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/3008-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3008-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/3008-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3008-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download