8567f97ee3ca46d4b93f70c7485bc6c23425ec61d7658973b95fe9776d5941a7

Analysis

max time kernel
117s
max time network
139s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1f03870facbf1acde044ac3e69f33fe.exe
Size

5.3MB
MD5

c1f03870facbf1acde044ac3e69f33fe
SHA1

2ea7c10d156fd93e4a4b75bce792af485af09c4c
SHA256

8567f97ee3ca46d4b93f70c7485bc6c23425ec61d7658973b95fe9776d5941a7
SHA512

71d963be6180b9d9431988b35837ab9082b527f3af6a322846aca4e802fc1e6fd707164bf3bb492fa8eb3026c9a8954559cd5190d2f535b3e6676dcde82c2286
SSDEEP

98304:+VcByr+3/HyC79lTNuAdAHktBcwQDM2YIDULHYP4xlB9v7jkuoy2HktBcwQDM2Yd:v0S3/j79lTNugAschDHIT1Fv2schDHIN

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1748	c1f03870facbf1acde044ac3e69f33fe.exe

Executes dropped EXE 1 IoCs

pid	Process
1748	c1f03870facbf1acde044ac3e69f33fe.exe

Loads dropped DLL 1 IoCs

pid	Process
1784	c1f03870facbf1acde044ac3e69f33fe.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1784-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012265-10.dat	upx
behavioral1/files/0x000a000000012265-13.dat	upx
behavioral1/memory/1784-15-0x0000000003CA0000-0x0000000004187000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1784	c1f03870facbf1acde044ac3e69f33fe.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1784	c1f03870facbf1acde044ac3e69f33fe.exe
1748	c1f03870facbf1acde044ac3e69f33fe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 1748	1784	c1f03870facbf1acde044ac3e69f33fe.exe	28
PID 1784 wrote to memory of 1748	1784	c1f03870facbf1acde044ac3e69f33fe.exe	28
PID 1784 wrote to memory of 1748	1784	c1f03870facbf1acde044ac3e69f33fe.exe	28
PID 1784 wrote to memory of 1748	1784	c1f03870facbf1acde044ac3e69f33fe.exe	28

C:\Users\Admin\AppData\Local\Temp\c1f03870facbf1acde044ac3e69f33fe.exe
"C:\Users\Admin\AppData\Local\Temp\c1f03870facbf1acde044ac3e69f33fe.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Users\Admin\AppData\Local\Temp\c1f03870facbf1acde044ac3e69f33fe.exe
  C:\Users\Admin\AppData\Local\Temp\c1f03870facbf1acde044ac3e69f33fe.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c1f03870facbf1acde044ac3e69f33fe.exe

Filesize
320KB

MD5
6de681af923f78565003b2994f8dcf53

SHA1
d11281ef06735210362c8af7687a908bec01e187

SHA256
04c2724a4b0e841782a88ed0eec7564b9b7b669bb253f9b35cafe98d436d10dd

SHA512
c497eb9a7ac81d90cc58cc4ad04b2f632c1e677478b52054780b79ebac566f0d6db34e23be4c263dfa682a942456742201713dd6265b60ab1f1544c2954d1373

Download Submit
\Users\Admin\AppData\Local\Temp\c1f03870facbf1acde044ac3e69f33fe.exe

Filesize
960KB

MD5
6472c293c37c3c4acd37c12acb2d54c4

SHA1
7bcd753cd2b25d179522a33986068c1208e6eac1

SHA256
08a7e69d806044cd5bcd407fe7d82eae4459a602d533dc6d4b0cc5370063cd62

SHA512
21db83a24117312ebec699dd8246afbbdeeed8b8e372e4658a19b611f76b2177060f8801ee9725eaa4ec8e27fed587bb7a262930d15392eb07303f3ffa5e1177

Download Submit
memory/1748-19-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1748-17-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/1748-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1748-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/1748-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1748-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1784-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1784-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1784-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1784-15-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download
memory/1784-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1784-31-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download