6e2a1e8a8d8777da63255e153e611ba2826b5b565b40d27500bb0c0ae2e1f573

Analysis

max time kernel
119s
max time network
153s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 18:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc7b7e679a5598f910b9fc68f897c4fc.exe
Size

5.3MB
MD5

bc7b7e679a5598f910b9fc68f897c4fc
SHA1

5856b4e7de854de30a7d5837c54a88a7215f3871
SHA256

6e2a1e8a8d8777da63255e153e611ba2826b5b565b40d27500bb0c0ae2e1f573
SHA512

467441176d4cc28aa1208ce0f798c0266fc71a8104989957eb1d8d17a336f4651d856e4ae398a4359f583ee317e72e5e271a4134ce0f338a0f2281ad6b5459fc
SSDEEP

98304:sxNE4wL0HVRGst2HAutVBGubFAHFDpLgutGDYNbycHVRGst2HAutVBGubFAHj:s/En0zXtsAutVlZAXUutGDYUczXtsAu8

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1840	bc7b7e679a5598f910b9fc68f897c4fc.exe

Executes dropped EXE 1 IoCs

pid	Process
1840	bc7b7e679a5598f910b9fc68f897c4fc.exe

Loads dropped DLL 1 IoCs

pid	Process
2160	bc7b7e679a5598f910b9fc68f897c4fc.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2160-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000700000001225f-10.dat	upx
behavioral1/files/0x000700000001225f-15.dat	upx
behavioral1/memory/1840-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/memory/2160-14-0x0000000003CA0000-0x0000000004187000-memory.dmp	upx
behavioral1/files/0x000700000001225f-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2160	bc7b7e679a5598f910b9fc68f897c4fc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2160	bc7b7e679a5598f910b9fc68f897c4fc.exe
1840	bc7b7e679a5598f910b9fc68f897c4fc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 1840	2160	bc7b7e679a5598f910b9fc68f897c4fc.exe	27
PID 2160 wrote to memory of 1840	2160	bc7b7e679a5598f910b9fc68f897c4fc.exe	27
PID 2160 wrote to memory of 1840	2160	bc7b7e679a5598f910b9fc68f897c4fc.exe	27
PID 2160 wrote to memory of 1840	2160	bc7b7e679a5598f910b9fc68f897c4fc.exe	27

C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe
"C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe
  C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1840

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe

Filesize
1.3MB

MD5
3bb058ac74c2d734c5d8b73b751a90ef

SHA1
b38d19ed3100a5016e7fd1ba62fbcd6bd87ef463

SHA256
99eb760b867b4f711b3a11b71b406aa88e747808e6634ae9c8a3ed4556118d38

SHA512
033ac8d10ce4b9b4b7455464000e1a5d4211ec2711e7bdbc60f88fa5153354c1cd2b6ccaa0d90f2362f2178385b5bd78b928a7d3353ff374c0d3cbbd95856137

Download Submit
C:\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe

Filesize
4.1MB

MD5
bc6325ed4b6370522e1045b7a2a3ab8e

SHA1
01d9ee95109f2173cad42a21e05daf2c5d316359

SHA256
21c64f1d81b3ac52c822ba202bc699dde781ff9ffaa6519c2d60bd1947508bc6

SHA512
25f73dfdcce588f7b24ed808c5cfdbdba289b91b9a82d418a4ca51ab3f95c6c4cddea98299a3184cb82b4e182598a0369894e39c45d5d7c2486338a8357076fc

Download Submit
\Users\Admin\AppData\Local\Temp\bc7b7e679a5598f910b9fc68f897c4fc.exe

Filesize
4.9MB

MD5
cd2a3a9a59a5f62d1081e4185d2a043f

SHA1
17e48df63a6248e1d37b7013b4619eca13520a5a

SHA256
527e1294fa15cb1a0ba2e5b44c33601b9113df951e25e4ebb11981c7e5886b1f

SHA512
a5064b39b13dcd60e87c0ecb60378761fe6efcbfeb3426a3eb6b6cf27d84a869e5817eeeb418b2e1786c7e68721ac37bdfbb4b414e9954aaa67de4cf193b5948

Download Submit
memory/1840-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1840-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1840-17-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1840-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1840-24-0x00000000036D0000-0x00000000038F2000-memory.dmp

Filesize
2.1MB

Download
memory/1840-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2160-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2160-14-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download
memory/2160-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2160-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2160-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download