e9f693b27f4eb0ccf273e77015f59426d120bc7213acfb9805463f48d7c50eda

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c7d2080ec5365de9e947444c6e1e65a.exe
Size

5.8MB
MD5

7c7d2080ec5365de9e947444c6e1e65a
SHA1

ace13aaae36f0fb78fd583ada24243f1df26aecd
SHA256

e9f693b27f4eb0ccf273e77015f59426d120bc7213acfb9805463f48d7c50eda
SHA512

5ab1c46db40f61eb6ebcfb709867ff47ca6f3b3813a2a49041455e814577fa0a23e7a673817724577fca1ac4a9b27fde5ce47b759a2d681c4a38f798794da295
SSDEEP

98304:mRLsX123b/qb1Ogg3gnl/IVUs1jePseaZbGm5sX6gg3gnl/IVUs1jePs:QsX1y/M16gl/iBiPD+6m5zgl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2204	7c7d2080ec5365de9e947444c6e1e65a.exe

Executes dropped EXE 1 IoCs

pid	Process
2204	7c7d2080ec5365de9e947444c6e1e65a.exe

Loads dropped DLL 1 IoCs

pid	Process
2496	7c7d2080ec5365de9e947444c6e1e65a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2496-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000e000000012670-15.dat	upx
behavioral1/files/0x000e000000012670-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2496	7c7d2080ec5365de9e947444c6e1e65a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2496	7c7d2080ec5365de9e947444c6e1e65a.exe
2204	7c7d2080ec5365de9e947444c6e1e65a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2204	2496	7c7d2080ec5365de9e947444c6e1e65a.exe	28
PID 2496 wrote to memory of 2204	2496	7c7d2080ec5365de9e947444c6e1e65a.exe	28
PID 2496 wrote to memory of 2204	2496	7c7d2080ec5365de9e947444c6e1e65a.exe	28
PID 2496 wrote to memory of 2204	2496	7c7d2080ec5365de9e947444c6e1e65a.exe	28

C:\Users\Admin\AppData\Local\Temp\7c7d2080ec5365de9e947444c6e1e65a.exe
"C:\Users\Admin\AppData\Local\Temp\7c7d2080ec5365de9e947444c6e1e65a.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Users\Admin\AppData\Local\Temp\7c7d2080ec5365de9e947444c6e1e65a.exe
  C:\Users\Admin\AppData\Local\Temp\7c7d2080ec5365de9e947444c6e1e65a.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7c7d2080ec5365de9e947444c6e1e65a.exe

Filesize
495KB

MD5
06c0e5058b5fc23bf344bdfed71fed01

SHA1
18823f0a4066e06fec19cf9b46d867b9a5033a05

SHA256
78a16bd609b8c5650176bc7b848e6c5e76883f1f86e1781619f0cacd25d468a3

SHA512
ca00d92e4eb0889ab7769a23bc99266e6e33be0bce30c0f34fdb1f9a1476f142b6ad70bf251b2bfe9efb2551ca7eb59237890845792ddd9f386082df115bafd8

Download Submit
\Users\Admin\AppData\Local\Temp\7c7d2080ec5365de9e947444c6e1e65a.exe

Filesize
862KB

MD5
642bdae85ddc62bf67afe11b094aab63

SHA1
3ee2c8cfc9f2e457cb46a031adc84c4d9ae3cd1b

SHA256
43bbd6b9e615367c7f37f0e2bdbcfc2005cf7c9e0efa0abb1f7680f87a4ad6b3

SHA512
1356c524213ad27663ca23c9fdde655a28d10d33f2b4764df007d9a382c39784fb11eee057c4708bd8cf60e7385c31f509f624bc99356cfca0ad8d47ae43bd50

Download Submit
memory/2204-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2204-20-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2204-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2204-25-0x00000000033F0000-0x000000000361A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2496-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2496-14-0x0000000003F50000-0x000000000443F000-memory.dmp

Filesize
4.9MB

Download
memory/2496-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2496-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2496-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2496-31-0x0000000003F50000-0x000000000443F000-memory.dmp

Filesize
4.9MB

Download