f65f9e42ccb635f45fe31a8b3a757848d57c145dbcd5f930a99ca652e53de07c

Analysis

max time kernel
118s
max time network
131s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 13:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c8bc37438f89503365e032ce5d5ece7f.exe
Size

2.9MB
MD5

c8bc37438f89503365e032ce5d5ece7f
SHA1

3dc3886d904fae9f52520877f6487cc3514a2dba
SHA256

f65f9e42ccb635f45fe31a8b3a757848d57c145dbcd5f930a99ca652e53de07c
SHA512

3e7001ecf4619cb90cc6db8baa00bd80ce075e776c5a70344eb060dc0658d6651dd5777781437f0fa3f1d1e4346c439673a2d9130845ba4bceebf85a9c445c61
SSDEEP

49152:VF1vXUvt2elwXMPIv6H2UP4cbSkON74NH5HUyNRcUsCVOzetdZJ:VF1vEvt2e6XwIvq2g4ctO4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2316	c8bc37438f89503365e032ce5d5ece7f.exe

Executes dropped EXE 1 IoCs

pid	Process
2316	c8bc37438f89503365e032ce5d5ece7f.exe

Loads dropped DLL 1 IoCs

pid	Process
2008	c8bc37438f89503365e032ce5d5ece7f.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2008-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c00000001224c-13.dat	upx
behavioral1/files/0x000c00000001224c-10.dat	upx
behavioral1/memory/2316-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2008	c8bc37438f89503365e032ce5d5ece7f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2008	c8bc37438f89503365e032ce5d5ece7f.exe
2316	c8bc37438f89503365e032ce5d5ece7f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2316	2008	c8bc37438f89503365e032ce5d5ece7f.exe	28
PID 2008 wrote to memory of 2316	2008	c8bc37438f89503365e032ce5d5ece7f.exe	28
PID 2008 wrote to memory of 2316	2008	c8bc37438f89503365e032ce5d5ece7f.exe	28
PID 2008 wrote to memory of 2316	2008	c8bc37438f89503365e032ce5d5ece7f.exe	28

C:\Users\Admin\AppData\Local\Temp\c8bc37438f89503365e032ce5d5ece7f.exe
"C:\Users\Admin\AppData\Local\Temp\c8bc37438f89503365e032ce5d5ece7f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\c8bc37438f89503365e032ce5d5ece7f.exe
  C:\Users\Admin\AppData\Local\Temp\c8bc37438f89503365e032ce5d5ece7f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c8bc37438f89503365e032ce5d5ece7f.exe

Filesize
2.5MB

MD5
5cc8654454d99d57a7ca7f323ec8691c

SHA1
1a76d21ca5323497765bc159731237385bb56f0f

SHA256
38722661390cb96221b8869df0645cb84351f2554b2a0fdaab02ce236354e8ca

SHA512
3c21ed04ae57eac1a1d880905960424d36bdaa8a9544039601d3046c28e2ff083c9a750172739eb3f214d66023cd5fc9abb857629569368061be9b773b6b01fe

Download Submit
\Users\Admin\AppData\Local\Temp\c8bc37438f89503365e032ce5d5ece7f.exe

Filesize
2.9MB

MD5
c84b30376fd43ff73969dda6df833ce2

SHA1
57d2c574947b948230c14ffccb2d95d10a577ab9

SHA256
2257fbb0986a1572e35dbede0965d505ff62d93adf512f19b61790bcd6af1b9b

SHA512
20f2972c04ce36aa7d369209314114002147ef65edfb88007d55ded1b4c5d612da2491e80262f45e5eb832cb543b25dbd136ce575d115fc6f8da439e255e33e6

Download Submit
memory/2008-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2008-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2008-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2008-15-0x00000000038E0000-0x0000000003DCF000-memory.dmp

Filesize
4.9MB

Download
memory/2008-1-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2316-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2316-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2316-19-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2316-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2316-24-0x00000000034E0000-0x000000000370A000-memory.dmp

Filesize
2.2MB

Download
memory/2316-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download