db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bb

Analysis

max time kernel
74s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe
Size

8.4MB
MD5

eb57ec9eec7e90c3bf1515d1fcd10350
SHA1

08e8626aad864a82cb1da6b8ede62eea35b9e23a
SHA256

db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bb
SHA512

1a16b2355b8ea39f64bf0c652747dfa1693d5d2cc8471a7a7ca2dbfab190f31cfecfd8c0dc6b276f824d28178eed8cd534185c97e3018ff88fba41888c7181c4
SSDEEP

196608:GteY79V+urErvI9pWjgfPvzm6gsGcEg4Ar:oeY8urEUWjC3zDQcd4Ar

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2108	db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe
2108	db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe
2108	db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe
2108	db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe
2108	db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe
2108	db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe
2108	db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a483-73.dat	upx
behavioral1/memory/2108-75-0x000007FEF6120000-0x000007FEF6712000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 2108	1720	db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe	31
PID 1720 wrote to memory of 2108	1720	db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe	31
PID 1720 wrote to memory of 2108	1720	db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe	31

C:\Users\Admin\AppData\Local\Temp\db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe
"C:\Users\Admin\AppData\Local\Temp\db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Users\Admin\AppData\Local\Temp\db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe
  "C:\Users\Admin\AppData\Local\Temp\db8ce32d8cedcc2eb2af55988c4db24d86a6d9ca3e3caba2877330421ab190bbN.exe"
  2⤵
  - Loads dropped DLL
  PID:2108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI17202\python311.dll

Filesize
1.6MB

MD5
ccdbd8027f165575a66245f8e9d140de

SHA1
d91786422ce1f1ad35c528d1c4cd28b753a81550

SHA256
503cd34daed4f6d320731b368bbd940dbac1ff7003321a47d81d81d199cca971

SHA512
870b54e4468db682b669887aeef1ffe496f3f69b219bda2405ac502d2dcd67b6542db6190ea6774abf1db5a7db429ce8f6d2fc5e88363569f15cf4df78da2311

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI17202\ucrtbase.dll

Filesize
1.1MB

MD5
634ccf5740715c8482be72e8ced5af61

SHA1
79049af9e9b775da1c2051343d18ca0ab972c7dc

SHA256
c508db2f26355ed73112fd4d636dab8b321f942a64b8fddb914797413e2335dc

SHA512
dfe972948afaa878aff326cb4b49329298480e7ba72775cb8d2f744d0380ccc11be0bc00b368c2513b5b9f39143b3fe90979b92f0d0405ca2b847d30cef2e269

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17202\api-ms-win-core-file-l1-2-0.dll

Filesize
22KB

MD5
d8988153d1ebc09b93a078416e5dbfaf

SHA1
d3789700d04e30440eee60c36daa79213be7d169

SHA256
0f0168910611f9878c40018e0b024d303a9c078f942020bca0d1c328bf04f1bb

SHA512
1e50bca6b067ecd40a779eaa13ba38c0a1a9fe8830356703619be401211a3eab484c1763d8ed6c4eca904a5c2b7e5cb7189052960227f74fc160daad40073ef2

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17202\api-ms-win-core-file-l2-1-0.dll

Filesize
22KB

MD5
78395758e9f3cec3269315ff39ab6268

SHA1
8cab2dab3d601be912817e9b978ba7285482954d

SHA256
56795989c7b3861eb26d9b96b130fff607531ecbcde62cf66e8f0f47061b3968

SHA512
60a2cdab1f324e35413955c0e55e2cd0510b9d342d0dcb44a0e65d67906753c9a9170e1b63acf61cec8490a9d1934d225bc635f02034ede782a725d534d47236

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17202\api-ms-win-core-localization-l1-2-0.dll

Filesize
22KB

MD5
e7da0e7fd6506864500e3a057cec248d

SHA1
631b3980379d58e7ec9c38b2762d95f740e2da14

SHA256
2fd707c9ed3f3c0d580a52267a331a9691da09728da80b1e1ee37f77526a0107

SHA512
ebece590f9af9990118fce39506fb6b9ecaf9470e355a13039c57574a26c654456c6739198f50cf41d7c95b382d537fa0f26b1298a2972efe647886f221dacaf

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17202\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
22KB

MD5
45bdc0b305efdadd9df11b356b4edf6a

SHA1
32f5546e7627850b332de8587e1766b91b3e65c6

SHA256
f17dcab5ae9678e9921ccdbb919580875cb6470f0cc5485e3b0880f0a22606ee

SHA512
d971a8e07b161c9547ba9b73e475f9291e47bdff152a354f25e1497405c2fad6b531c2e204f4bf0923f79d5100b7574198fd9647d9f01620e308dc6b550d520e

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI17202\api-ms-win-core-timezone-l1-1-0.dll

Filesize
22KB

MD5
329a9bc4bb1e8c1d6d0b0e14128447fb

SHA1
c276b0cb025ad03e87f7e304abb3ec781286369e

SHA256
a5343106180c8efc46ad128ba38abaffb8bdb426adba538def56f4df792d58a1

SHA512
2ca374127a467c22518446c491064aad121aa848ebb58162841cddcad4dc1fc28a3d1e6866ba677ea939b715db4c236e5699d0bebc6623f8bd665345d6c6ce5e

Download Submit
memory/2108-75-0x000007FEF6120000-0x000007FEF6712000-memory.dmp

Filesize
5.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads