4d24a985a16b68606ccfdff088b2b8a2f42c0e62774ac40be039eb33e27e6496

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 13:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c0b8d38fd18cd2b75535760f9efc488c.exe
Size

2.7MB
MD5

c0b8d38fd18cd2b75535760f9efc488c
SHA1

a7c0f41ace2ef3676e30598f27c078146a11e8cd
SHA256

4d24a985a16b68606ccfdff088b2b8a2f42c0e62774ac40be039eb33e27e6496
SHA512

c7900556cef111b3bd656a4617e3272e411b8152b2a6a88f004c16e87bb0762ae20ecaa0857c39f46e866199e89749734b70eaa7476800bcc571192035b02330
SSDEEP

49152:ujiFv6t57ZmODRXPf4/d2SHvv648r9fsHAJImSLMW:MiFUZV134oSPv64i956mSLMW

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2584	c0b8d38fd18cd2b75535760f9efc488c.exe

Executes dropped EXE 1 IoCs

pid	Process
2584	c0b8d38fd18cd2b75535760f9efc488c.exe

Loads dropped DLL 1 IoCs

pid	Process
2980	c0b8d38fd18cd2b75535760f9efc488c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2980-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000c00000001231c-11.dat	upx
behavioral1/files/0x000c00000001231c-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2980	c0b8d38fd18cd2b75535760f9efc488c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2980	c0b8d38fd18cd2b75535760f9efc488c.exe
2584	c0b8d38fd18cd2b75535760f9efc488c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2584	2980	c0b8d38fd18cd2b75535760f9efc488c.exe	28
PID 2980 wrote to memory of 2584	2980	c0b8d38fd18cd2b75535760f9efc488c.exe	28
PID 2980 wrote to memory of 2584	2980	c0b8d38fd18cd2b75535760f9efc488c.exe	28
PID 2980 wrote to memory of 2584	2980	c0b8d38fd18cd2b75535760f9efc488c.exe	28

C:\Users\Admin\AppData\Local\Temp\c0b8d38fd18cd2b75535760f9efc488c.exe
"C:\Users\Admin\AppData\Local\Temp\c0b8d38fd18cd2b75535760f9efc488c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Users\Admin\AppData\Local\Temp\c0b8d38fd18cd2b75535760f9efc488c.exe
  C:\Users\Admin\AppData\Local\Temp\c0b8d38fd18cd2b75535760f9efc488c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c0b8d38fd18cd2b75535760f9efc488c.exe

Filesize
160KB

MD5
fc17b8e26aa0bec8e9c7ef38d1eebc65

SHA1
bb8b41f4b44055f1879a3d3c417917d9947aef9a

SHA256
6049ac944a006aa741c025493d4379b0a86e4a9d3da5f5bdc6564e82b3a3983c

SHA512
71c3afb0c1cb9b5ba1f2a05f3a2f006ccb0eb32b0ef990fd113b3968755df1b147bab9c99be3ce30e2523346efba8606addde7732793f30ac4ef51ac0f7f0e34

Download Submit
\Users\Admin\AppData\Local\Temp\c0b8d38fd18cd2b75535760f9efc488c.exe

Filesize
217KB

MD5
b24c954dd13ec1bb60c8e751ae668f98

SHA1
cffc70ad252edde9e6526cf79a0fcb3cb60e2571

SHA256
fc97d5208fb0eb853983c2e5692fbd37fc67b24ec3da63f8cea0b563bbbacd3d

SHA512
9a5174ca5d5770f19d367a6e8527606a7f13fb1954b36aba23538bad361896741e956a6a98a286fecd5450ef30f678cba3d16b87a830a26bd08b205ebf9ccf7c

Download Submit
memory/2584-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2584-17-0x00000000002B0000-0x00000000003C2000-memory.dmp

Filesize
1.1MB

Download
memory/2584-19-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2584-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2980-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2980-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2980-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2980-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download