39fe6bc05d38b8ffa6d12e86c5f04a61602555871505be8bb757745e933b6e48

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 04:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6795841bceee3cdf14c0dd32b07a2725.exe
Size

1.3MB
MD5

6795841bceee3cdf14c0dd32b07a2725
SHA1

70a62b61fd0c900010219608959cc07a772c21d9
SHA256

39fe6bc05d38b8ffa6d12e86c5f04a61602555871505be8bb757745e933b6e48
SHA512

af8753e56a5b86441e8b2fcdbe76f6745f4c0ca51b34cb3b960938f54f722a605c1d93363214ff35ffddb1433731fee44e414f5aa5d44162ec303cd68503dd53
SSDEEP

24576:QWg4S2nzEOWF+BUJfMJSg0yony2jbVtc/hAHogAqbk0vG:z3S2noO0+BUJksHG4VS/hAhAqY

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2856	6795841bceee3cdf14c0dd32b07a2725.exe

Executes dropped EXE 1 IoCs

pid	Process
2856	6795841bceee3cdf14c0dd32b07a2725.exe

Loads dropped DLL 1 IoCs

pid	Process
2916	6795841bceee3cdf14c0dd32b07a2725.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000015c46-16.dat	upx
behavioral1/files/0x0009000000015c46-11.dat	upx
behavioral1/memory/2916-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2916	6795841bceee3cdf14c0dd32b07a2725.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2916	6795841bceee3cdf14c0dd32b07a2725.exe
2856	6795841bceee3cdf14c0dd32b07a2725.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2856	2916	6795841bceee3cdf14c0dd32b07a2725.exe	17
PID 2916 wrote to memory of 2856	2916	6795841bceee3cdf14c0dd32b07a2725.exe	17
PID 2916 wrote to memory of 2856	2916	6795841bceee3cdf14c0dd32b07a2725.exe	17
PID 2916 wrote to memory of 2856	2916	6795841bceee3cdf14c0dd32b07a2725.exe	17

C:\Users\Admin\AppData\Local\Temp\6795841bceee3cdf14c0dd32b07a2725.exe
"C:\Users\Admin\AppData\Local\Temp\6795841bceee3cdf14c0dd32b07a2725.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Users\Admin\AppData\Local\Temp\6795841bceee3cdf14c0dd32b07a2725.exe
  C:\Users\Admin\AppData\Local\Temp\6795841bceee3cdf14c0dd32b07a2725.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6795841bceee3cdf14c0dd32b07a2725.exe

Filesize
15KB

MD5
a544f01d315a0e895936e2d0f6e01abb

SHA1
59201bbbc0304fc8bf3d6f98824730a094c16c0a

SHA256
d6caf3cc79a4d9ea1f6e2488cfd3a627d852d0bcc1201af43c60a46189912b69

SHA512
03253416c7b2865865db44d031df4324428db7f5a64dd10b8ee3de3fd8fff0174c26cf5837deff648ef23b36624a661b0747ca2dd6cbf4a7651978e7a69521e7

Download Submit
\Users\Admin\AppData\Local\Temp\6795841bceee3cdf14c0dd32b07a2725.exe

Filesize
27KB

MD5
e332070dfa368fe1889090fca4eca25f

SHA1
2bfbfc15920762c73f7c5ab3f1dc20c9f98ab602

SHA256
ef4b21ccd2d2ac85ad50c3c05d1151a8a6e8e479e5ecbe907e8f79a2f2f91f41

SHA512
02de13aab6ff9ff0e9ded64acdf6675c326b7a5ade1b837ee913aed5577aaaf3127e65d98d27e738c51674d227ab1ff2e7840bcddea6d14a01dbcab38c062c57

Download Submit
memory/2856-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2856-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2856-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2856-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2916-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2916-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2916-15-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2916-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2916-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2916-26-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download