e141d6f459bb37ed8861bba69614ad222ab214c1fba62145a71e00aafc24a51c

Analysis

max time kernel
140s
max time network
144s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8c7388b8c08382d21c449735a0cae1c.exe
Size

1.3MB
MD5

c8c7388b8c08382d21c449735a0cae1c
SHA1

47c6c2a5d136fa7994ec296464f4bf5e8920b964
SHA256

e141d6f459bb37ed8861bba69614ad222ab214c1fba62145a71e00aafc24a51c
SHA512

b7d0add0d117a5c1bf67c526c16789e33c00a62d94b9f2d6ce3ab02f9108d59c19b4b10012515b35e3c345e4150c1bd823812bc265da72db18bd3f5bd1c415ab
SSDEEP

24576:jNTnDm5jndandbrnCBF31sjfABgmN3KW/CrEIZOGVmEuw4JNcvG:jNm5jdoSgmNUrXO1Eub

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2256	c8c7388b8c08382d21c449735a0cae1c.exe

Executes dropped EXE 1 IoCs

pid	Process
2256	c8c7388b8c08382d21c449735a0cae1c.exe

Loads dropped DLL 1 IoCs

pid	Process
2072	c8c7388b8c08382d21c449735a0cae1c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2072-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000900000001222c-15.dat	upx
behavioral1/files/0x000900000001222c-13.dat	upx
behavioral1/memory/2256-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2072	c8c7388b8c08382d21c449735a0cae1c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2072	c8c7388b8c08382d21c449735a0cae1c.exe
2256	c8c7388b8c08382d21c449735a0cae1c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2256	2072	c8c7388b8c08382d21c449735a0cae1c.exe	28
PID 2072 wrote to memory of 2256	2072	c8c7388b8c08382d21c449735a0cae1c.exe	28
PID 2072 wrote to memory of 2256	2072	c8c7388b8c08382d21c449735a0cae1c.exe	28
PID 2072 wrote to memory of 2256	2072	c8c7388b8c08382d21c449735a0cae1c.exe	28

C:\Users\Admin\AppData\Local\Temp\c8c7388b8c08382d21c449735a0cae1c.exe
"C:\Users\Admin\AppData\Local\Temp\c8c7388b8c08382d21c449735a0cae1c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\c8c7388b8c08382d21c449735a0cae1c.exe
  C:\Users\Admin\AppData\Local\Temp\c8c7388b8c08382d21c449735a0cae1c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2256

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c8c7388b8c08382d21c449735a0cae1c.exe

Filesize
1.3MB

MD5
df17dd2728bbd3cadb83a23fc76bbef4

SHA1
ad53d07c09e7dd99eb177274b63c78b3d1c9bad9

SHA256
40e019d5207218044137a6f4ddffed4316b6cf5ed654d30d1a693dbef4c72ebb

SHA512
1531f7909c6f36d2a2e9a2dcf30f6871ce6528b1c3dbe61f34943ef1c668af68120d1dc1127c980b6fbe72e20462e2c2800b3b1d5eea3faf536c9da99b037ccf

Download Submit
C:\Users\Admin\AppData\Local\Temp\c8c7388b8c08382d21c449735a0cae1c.exe

Filesize
1.2MB

MD5
07b17623d297c6cb1c675478620670c8

SHA1
62916b82aad442a817a32c986fe0adef2b8e5d89

SHA256
53fb5cdd1a6aa026114e353986f072cb64ea86358d0525ab0310c6cb00875600

SHA512
d63bd9eaf21a232217d3846704645f9053c6101e6f739c8fc79314652612f6b2235d417b53215200752ec7520e3a7bc781e1960cabb96e983d03f46e5c614939

Download Submit
memory/2072-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2072-2-0x0000000000260000-0x0000000000372000-memory.dmp

Filesize
1.1MB

Download
memory/2072-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2072-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2072-16-0x0000000003680000-0x0000000003AEA000-memory.dmp

Filesize
4.4MB

Download
memory/2072-26-0x0000000003680000-0x0000000003AEA000-memory.dmp

Filesize
4.4MB

Download
memory/2256-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2256-19-0x0000000000230000-0x0000000000342000-memory.dmp

Filesize
1.1MB

Download
memory/2256-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2256-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download