972f5a0546d5df00a53f0625e563f2448eaadea8880ea137d7a9390f831d7ab6

Analysis

max time kernel
118s
max time network
158s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a7545506f8d63f26aac78e541d3c5eb.exe
Size

2.7MB
MD5

7a7545506f8d63f26aac78e541d3c5eb
SHA1

462a2f6db190d4ca0d29990290f4f61d1adb39d7
SHA256

972f5a0546d5df00a53f0625e563f2448eaadea8880ea137d7a9390f831d7ab6
SHA512

99f1ef06262654e7e461ca66ce74355862afebfd13a05f6064cb6931aba801234a22367a26ecb9213db1d7aa690a97b97b8d99392e4ad7219b85d30ae6a68515
SSDEEP

49152:PFfmzwbwV3g/6MSxCc2rR9ktBc1+Q4YdxSChG38bDUggR9t:P90wbsgSZCc2rHktBcwQDM2YIDULHt

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2800	7a7545506f8d63f26aac78e541d3c5eb.exe

Executes dropped EXE 1 IoCs

pid	Process
2800	7a7545506f8d63f26aac78e541d3c5eb.exe

Loads dropped DLL 1 IoCs

pid	Process
2656	7a7545506f8d63f26aac78e541d3c5eb.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2656-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0009000000012270-10.dat	upx
behavioral1/files/0x0009000000012270-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2656	7a7545506f8d63f26aac78e541d3c5eb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2656	7a7545506f8d63f26aac78e541d3c5eb.exe
2800	7a7545506f8d63f26aac78e541d3c5eb.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2800	2656	7a7545506f8d63f26aac78e541d3c5eb.exe	27
PID 2656 wrote to memory of 2800	2656	7a7545506f8d63f26aac78e541d3c5eb.exe	27
PID 2656 wrote to memory of 2800	2656	7a7545506f8d63f26aac78e541d3c5eb.exe	27
PID 2656 wrote to memory of 2800	2656	7a7545506f8d63f26aac78e541d3c5eb.exe	27

C:\Users\Admin\AppData\Local\Temp\7a7545506f8d63f26aac78e541d3c5eb.exe
"C:\Users\Admin\AppData\Local\Temp\7a7545506f8d63f26aac78e541d3c5eb.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Local\Temp\7a7545506f8d63f26aac78e541d3c5eb.exe
  C:\Users\Admin\AppData\Local\Temp\7a7545506f8d63f26aac78e541d3c5eb.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7a7545506f8d63f26aac78e541d3c5eb.exe

Filesize
475KB

MD5
64dc0dafc30fca47378503e501c5546a

SHA1
92448f0f4ae73f94293b6e3d3e01b6cf5c675599

SHA256
7eea2b1299ed9d63da69ea6113e293eb64637aa5357b7e9636673e685e359763

SHA512
c370f76327deb3884ce2027f301708ff5e9364c849ecfc103046c3731c8b68de32c5ca4b11f08be6c3598256648af82d4acecc8774cfac6b265993aad6cca04a

Download Submit
\Users\Admin\AppData\Local\Temp\7a7545506f8d63f26aac78e541d3c5eb.exe

Filesize
716KB

MD5
40dee9361ad220786d6ab43a82e24459

SHA1
b9b95be830c8a11dfe363c0e1be70ebccb3364eb

SHA256
c9bf3be21ff180e073242b5796ae99fd6b6fbeb27926c2c2c627337c753c3892

SHA512
e611b9a99d3bcd8364c904ec25e5d559fd97b182e9cfcfcddc23795891736a2cab627b1a622ee091f2899ec0f5bc8b939950811b07d6374313e1dbce83803e6a

Download Submit
memory/2656-15-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2656-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2656-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2656-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2656-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2656-31-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/2800-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2800-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2800-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2800-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2800-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2800-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download