77fd569d61a9c14d6f89b7320659bb0cf0af171bcf94c0067d9319c9f129330d

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 19:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bca34c574370f291edcbda7a4755c972.exe
Size

2.9MB
MD5

bca34c574370f291edcbda7a4755c972
SHA1

a11e6c8b0c7ba5ac91c94cdc80362ee7c79daaea
SHA256

77fd569d61a9c14d6f89b7320659bb0cf0af171bcf94c0067d9319c9f129330d
SHA512

ce5a8f46303ed0ebcc05643ce433f666495b9380056b8733383a04ff853cf96264e554f6c1014c825db8a3f79f7032bae2fbac9f3a5fbb177aef73862898a55b
SSDEEP

49152:XRvU8sz0P2haha5dmH+SnrWaRyCk0HP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:XRvFsrh3dmeSqacCkYgg3gnl/IVUs1jl

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1392	bca34c574370f291edcbda7a4755c972.exe

Executes dropped EXE 1 IoCs

pid	Process
1392	bca34c574370f291edcbda7a4755c972.exe

Loads dropped DLL 1 IoCs

pid	Process
2820	bca34c574370f291edcbda7a4755c972.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2820-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000014a94-12.dat	upx
behavioral1/files/0x000a000000014a94-10.dat	upx
behavioral1/files/0x000a000000014a94-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2820	bca34c574370f291edcbda7a4755c972.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2820	bca34c574370f291edcbda7a4755c972.exe
1392	bca34c574370f291edcbda7a4755c972.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 1392	2820	bca34c574370f291edcbda7a4755c972.exe	28
PID 2820 wrote to memory of 1392	2820	bca34c574370f291edcbda7a4755c972.exe	28
PID 2820 wrote to memory of 1392	2820	bca34c574370f291edcbda7a4755c972.exe	28
PID 2820 wrote to memory of 1392	2820	bca34c574370f291edcbda7a4755c972.exe	28

C:\Users\Admin\AppData\Local\Temp\bca34c574370f291edcbda7a4755c972.exe
"C:\Users\Admin\AppData\Local\Temp\bca34c574370f291edcbda7a4755c972.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Users\Admin\AppData\Local\Temp\bca34c574370f291edcbda7a4755c972.exe
  C:\Users\Admin\AppData\Local\Temp\bca34c574370f291edcbda7a4755c972.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bca34c574370f291edcbda7a4755c972.exe

Filesize
1.3MB

MD5
08ac28c3b27431ead20666ee15493a23

SHA1
fb1a84b5bf02248a104d7162721f1849a65dd52b

SHA256
a334d9f71d809f248189aafe5ac8e8ee437de664ca898f91349458fdd27802cb

SHA512
e075a7724f7d251fb8c8ea3caee7afac9b2190a72c24a3294942b5fb4af10412afc2892e4507c26d25a00fd8639313f8dcd64da669c025d1c9991a4c56d6e6a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\bca34c574370f291edcbda7a4755c972.exe

Filesize
1.6MB

MD5
9ff70f262b34ac2511ef1d13d1debc5e

SHA1
b4550e03e6f73c9e10cd06b944115e870a40d948

SHA256
b59d28aa1086cf38f4aa48fdac8ed9a6be41ef98ca24fb4206b0e24dbc3529ba

SHA512
c229cecba2ba9b0070e7e1427fab4a1ae1eada729676f0ae7ee25556989ec2e217d406e1258a2c28c616231e12b74dabff3bc5838aad2934e446f617e06b1fef

Download Submit
\Users\Admin\AppData\Local\Temp\bca34c574370f291edcbda7a4755c972.exe

Filesize
1.7MB

MD5
af3c5420c0c94b65e3f282ada193eeeb

SHA1
bb9cd84319827c129bd18ce4f0d20dd2e682d5db

SHA256
443ffe5cbaa8aa3ba6b428eee4bec9f35b64a4fce805fa3e5a434ce5a9a0c53f

SHA512
3a497fb6e40df14d328040044864be97fc8cbd59d363284332407f16d43b423e082681178de9630f7119d1a11ee5108d3fb3b3ce629778d5a83af527541bdaf9

Download Submit
memory/1392-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1392-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1392-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1392-22-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/1392-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1392-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2820-3-0x00000000002A0000-0x00000000003D3000-memory.dmp

Filesize
1.2MB

Download
memory/2820-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2820-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2820-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download