7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6

Analysis

max time kernel
142s
max time network
33s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
23-06-2023 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
Size

2.4MB
MD5

950be563cffc355231d4e9f1d8e6a902
SHA1

b0ddd2201fb60253f92a5d4df18487c649436025
SHA256

7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6
SHA512

f7d5b7cd25edb404351f21533a29f9a45fffe671100f25950235a09303e0d6d6da66bc4f03fa6705bf20fd5ce8cf712de9479f6f5063c9df90fe5557bbc3ccdc
SSDEEP

24576:i4GHnhIzO6YYXsf9vA5eNizYpnjfONnXfoMBtyfuzRODhXym0Iwzl7DDEb81O:tshd6YYXYNA5L+njat9ROEJNDEo1

Score

7^/10

aspackv2 upx

Malware Config

Signatures

ASPack v2.12-2.42 4 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

Processes:

resource	yara_rule
\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe	aspack_v212_v242
C:\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe	aspack_v212_v242
\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe	aspack_v212_v242
C:\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe	aspack_v212_v242

Executes dropped EXE 1 IoCs

Processes:

MP3SoundRecorder.exe

pid process

1352 MP3SoundRecorder.exe

pid	process
1352	MP3SoundRecorder.exe

Loads dropped DLL 5 IoCs

Processes:

7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exeMP3SoundRecorder.exe

pid	process
2032	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
2032	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
1352	MP3SoundRecorder.exe
1352	MP3SoundRecorder.exe
1352	MP3SoundRecorder.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2032-131-0x0000000000400000-0x00000000006CC000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral1/memory/2032-131-0x0000000000400000-0x00000000006CC000-memory.dmp	autoit_exe

Drops file in Program Files directory 28 IoCs

Processes:

7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\ti_rec_p.ico	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\mp3dec2.dll	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\mp3decdll.dll	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\set.ini	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\ti_rec.ico	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\set.ini	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\ti.ico	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\ti_rec.ico	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\ti_rec_p.ico	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\Help.chm	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\record.dll	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\prmixer.dll	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\ti_play.ico	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\ti_play_p.ico	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\mp3dec2.dll	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\ti.ico	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\readme.txt	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\Help.chm	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\lame_enc.dll	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\ti_play.ico	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\ti_play_p.ico	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\lame_enc.dll	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\record.dll	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\prmixer.dll	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File opened for modification	C:\Program Files (x86)\MP3SoundRecorder\readme.txt	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
File created	C:\Program Files (x86)\MP3SoundRecorder\mp3decdll.dll	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

MP3SoundRecorder.exe

pid process

1352 MP3SoundRecorder.exe

pid	process
1352	MP3SoundRecorder.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe

description	pid	process	target process
PID 2032 wrote to memory of 1352	2032	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe	MP3SoundRecorder.exe
PID 2032 wrote to memory of 1352	2032	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe	MP3SoundRecorder.exe
PID 2032 wrote to memory of 1352	2032	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe	MP3SoundRecorder.exe
PID 2032 wrote to memory of 1352	2032	7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe	MP3SoundRecorder.exe

C:\Users\Admin\AppData\Local\Temp\7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe
"C:\Users\Admin\AppData\Local\Temp\7b7f97109ad8e1a640269aabdfa9b85d35c0cbaa785c84f2625f73bd04b89eb6.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2032

C:\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe
"C:\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1352

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\MP3SoundRecorder\Help.chm
Filesize
248KB

MD5
9186d8fc4b4298ca4fc0caa405970a9e

SHA1
f6f97cf79d261908a5872c657aba9cefd9c170c6

SHA256
cff94f945b47337dcf86a255f34c86f7970cd03b194329be0cbd0b980a33ac61

SHA512
5db9ac188a464e382c58c877cf4b4d8c4e528c5db93fe8f501cad8352ee74b59fc910d3de011c0d42e1ac6ec53c16a81f1bcf73e106a8117863e557e74a3f43e

Download Submit
C:\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe
Filesize
293KB

MD5
4b4596685b04d3d2fa26d3db2566e3d9

SHA1
a585baa7927b7d9ed48e71d16be1cb082380ccf9

SHA256
0febad3d37a4181e6fb0c4b22e3c474ed31feca37ed5cdf467c47034a12801d1

SHA512
46a1919c33a4c560d148e819d723774d70a59a39d1bdcfbfdd8b21c35e79d539408a3c0eedaa8deb773a35fe460852840997eb46f7ae6e03301866a0cea81c39

Download Submit
C:\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe
Filesize
293KB

MD5
4b4596685b04d3d2fa26d3db2566e3d9

SHA1
a585baa7927b7d9ed48e71d16be1cb082380ccf9

SHA256
0febad3d37a4181e6fb0c4b22e3c474ed31feca37ed5cdf467c47034a12801d1

SHA512
46a1919c33a4c560d148e819d723774d70a59a39d1bdcfbfdd8b21c35e79d539408a3c0eedaa8deb773a35fe460852840997eb46f7ae6e03301866a0cea81c39

Download Submit
C:\Program Files (x86)\MP3SoundRecorder\Record.dll
Filesize
144KB

MD5
0900b5101c195e81136d9ae29f2ffab1

SHA1
23aa366cd9680a7cb9d852eafd792ecfacc1b2a0

SHA256
db1773367d1f1577083c92f8af9aaad2697730a8e2114bd979077a2eb83cb3e1

SHA512
29f3bcfe931d3e213362ddb9006cf3cee1279797edc296921075301be4c5b54a88941f252f055ea0141d15cba2e75bcd8a349a064b9811340a91cd74043ee944

Download Submit
C:\Program Files (x86)\MP3SoundRecorder\mp3dec2.dll
Filesize
44KB

MD5
e37e04a72f9c06a0ddb327c7a85c4433

SHA1
68dd5bc160ad3838264e3be75211f0a709790b8e

SHA256
b77ef65a7e415a6aa4b10244057951d37e6c19750fec58e271360aa0dc5d94c3

SHA512
de33fec8a9a560b4712c8f17eb34f66f44216e8b05d46f10b4e60636f7fda299cd91d8d893914f741d701497a95e636114e21c4f8533b082a9df49b5aa1c0c20

Download Submit
C:\Program Files (x86)\MP3SoundRecorder\prmixer.dll
Filesize
184KB

MD5
43d7d7490fa34f55abb2d91a886f9f86

SHA1
fcb09bc35908631db403a05bb9e4b0b72a0bb003

SHA256
38ca4d2075d74f4ac6a5dade53754320cd31a4270e2c6ab0498ff4bcf4f07acc

SHA512
e48effed54499cfa39ea252064f71bba157e2afb55f7006f6f670d9b1e9a4bd3c8f4d7869658fa5e7b7b043c162df565f64ee07ce3d704647858971b6dc72038

Download Submit
C:\Program Files (x86)\MP3SoundRecorder\set.ini
Filesize
562B

MD5
3bdff134bb920cb94e0f8c276d15b641

SHA1
23fec0ca9ea4b75ed0a01ba8856d365eddd9c375

SHA256
e4ddef3d1e5063d0e57bd70798c45a118b4fe8675029f14aeee3a7578e9e05bb

SHA512
ffdb18835ef95258f16d101dae452c67e5c02d49b281684a67a2ac1d108a5c7643ea9e3d849fa428d0a86fbaa3048a949a59f6e3e99513d256c9daed50536ed8

Download Submit
C:\Program Files (x86)\MP3SoundRecorder\ti.ico
Filesize
318B

MD5
134c8bed1fc5e4a3e770601ae8f27da5

SHA1
6ff5a0f9c9edad8a30ce4892f1b8bf3d313d2160

SHA256
b736782a412a078e8d46ea43199f2f8725cb40ea470ec314763f9cb2a88c9954

SHA512
237941da48a648aa55624001ad3e7f8bf2289de4d6b5fdea78c9c552c7d21cd05d2d6665fa52ac0d761bdbbe3313bf4c8ba07da8e8e8e2de48dc1e1e0670bc81

Download Submit
\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe
Filesize
293KB

MD5
4b4596685b04d3d2fa26d3db2566e3d9

SHA1
a585baa7927b7d9ed48e71d16be1cb082380ccf9

SHA256
0febad3d37a4181e6fb0c4b22e3c474ed31feca37ed5cdf467c47034a12801d1

SHA512
46a1919c33a4c560d148e819d723774d70a59a39d1bdcfbfdd8b21c35e79d539408a3c0eedaa8deb773a35fe460852840997eb46f7ae6e03301866a0cea81c39

Download Submit
\Program Files (x86)\MP3SoundRecorder\MP3SoundRecorder.exe
Filesize
293KB

MD5
4b4596685b04d3d2fa26d3db2566e3d9

SHA1
a585baa7927b7d9ed48e71d16be1cb082380ccf9

SHA256
0febad3d37a4181e6fb0c4b22e3c474ed31feca37ed5cdf467c47034a12801d1

SHA512
46a1919c33a4c560d148e819d723774d70a59a39d1bdcfbfdd8b21c35e79d539408a3c0eedaa8deb773a35fe460852840997eb46f7ae6e03301866a0cea81c39

Download Submit
\Program Files (x86)\MP3SoundRecorder\mp3dec2.dll
Filesize
44KB

MD5
e37e04a72f9c06a0ddb327c7a85c4433

SHA1
68dd5bc160ad3838264e3be75211f0a709790b8e

SHA256
b77ef65a7e415a6aa4b10244057951d37e6c19750fec58e271360aa0dc5d94c3

SHA512
de33fec8a9a560b4712c8f17eb34f66f44216e8b05d46f10b4e60636f7fda299cd91d8d893914f741d701497a95e636114e21c4f8533b082a9df49b5aa1c0c20

Download Submit
\Program Files (x86)\MP3SoundRecorder\prmixer.dll
Filesize
184KB

MD5
43d7d7490fa34f55abb2d91a886f9f86

SHA1
fcb09bc35908631db403a05bb9e4b0b72a0bb003

SHA256
38ca4d2075d74f4ac6a5dade53754320cd31a4270e2c6ab0498ff4bcf4f07acc

SHA512
e48effed54499cfa39ea252064f71bba157e2afb55f7006f6f670d9b1e9a4bd3c8f4d7869658fa5e7b7b043c162df565f64ee07ce3d704647858971b6dc72038

Download Submit
\Program Files (x86)\MP3SoundRecorder\record.dll
Filesize
144KB

MD5
0900b5101c195e81136d9ae29f2ffab1

SHA1
23aa366cd9680a7cb9d852eafd792ecfacc1b2a0

SHA256
db1773367d1f1577083c92f8af9aaad2697730a8e2114bd979077a2eb83cb3e1

SHA512
29f3bcfe931d3e213362ddb9006cf3cee1279797edc296921075301be4c5b54a88941f252f055ea0141d15cba2e75bcd8a349a064b9811340a91cd74043ee944

Download Submit
memory/1352-141-0x00000000003B0000-0x00000000003D8000-memory.dmp

Filesize
160KB

Download
memory/1352-137-0x00000000002B0000-0x00000000002E2000-memory.dmp

Filesize
200KB

Download
memory/1352-145-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1352-146-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/1352-154-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/1352-155-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/2032-131-0x0000000000400000-0x00000000006CC000-memory.dmp

Filesize
2.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads