6f355f8d4f2924baa4f8cb0de0635489019a1113e10bb91e92c96366ccc2bc1a

Analysis

max time kernel
114s
max time network
247s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 07:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a66a364fd8b698ef866c155f9fec8f3.exe
Size

5.3MB
MD5

7a66a364fd8b698ef866c155f9fec8f3
SHA1

cc562138e3ec63b775b0a4b273ade4f7e135e651
SHA256

6f355f8d4f2924baa4f8cb0de0635489019a1113e10bb91e92c96366ccc2bc1a
SHA512

86bf6ab07654416e456020f1e431cbd10ad1137590a59d8035f4c2613c787d383626fff9f2d2277b761d57192326154c5ca06731afaef6c1f198a60270217ab7
SSDEEP

98304:HLAnfG/UrSSy8jvMeK/xxNmJs9EwkvSsv2wekTM77BgjvMeK/xxNmJs9Ef:HLAnBuP6MeK/x9Gv9dgfMMeK/x94

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3028	7a66a364fd8b698ef866c155f9fec8f3.exe

Executes dropped EXE 1 IoCs

pid	Process
3028	7a66a364fd8b698ef866c155f9fec8f3.exe

Loads dropped DLL 1 IoCs

pid	Process
2652	7a66a364fd8b698ef866c155f9fec8f3.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2652-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-10.dat	upx
behavioral1/files/0x0004000000004ed7-13.dat	upx
behavioral1/memory/3028-15-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2652	7a66a364fd8b698ef866c155f9fec8f3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2652	7a66a364fd8b698ef866c155f9fec8f3.exe
3028	7a66a364fd8b698ef866c155f9fec8f3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 3028	2652	7a66a364fd8b698ef866c155f9fec8f3.exe	29
PID 2652 wrote to memory of 3028	2652	7a66a364fd8b698ef866c155f9fec8f3.exe	29
PID 2652 wrote to memory of 3028	2652	7a66a364fd8b698ef866c155f9fec8f3.exe	29
PID 2652 wrote to memory of 3028	2652	7a66a364fd8b698ef866c155f9fec8f3.exe	29

C:\Users\Admin\AppData\Local\Temp\7a66a364fd8b698ef866c155f9fec8f3.exe
"C:\Users\Admin\AppData\Local\Temp\7a66a364fd8b698ef866c155f9fec8f3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Users\Admin\AppData\Local\Temp\7a66a364fd8b698ef866c155f9fec8f3.exe
  C:\Users\Admin\AppData\Local\Temp\7a66a364fd8b698ef866c155f9fec8f3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7a66a364fd8b698ef866c155f9fec8f3.exe

Filesize
1.5MB

MD5
bf72b048d2a8893393ae207f7d2c835b

SHA1
586c68523c29ed4f9f873d7e1229715fe68a645e

SHA256
cca70218d0d496c9873ec2bbcdba0f65d2d493f92d267ec5a210dea6460dcdd1

SHA512
9f663b5b3b89252b7aae7803b7898fd0e0510cb558e724de120fb6cb3181dd789adeed4c8bbe20ca3a4b680300939604cbc564ae831a025a3918e5fe47e7862a

Download Submit
\Users\Admin\AppData\Local\Temp\7a66a364fd8b698ef866c155f9fec8f3.exe

Filesize
2.9MB

MD5
828d5efc8d4a380438eaa89286da762b

SHA1
0a0bdacf13ff343cbc14bd176b3ad66c6a0f366b

SHA256
15c22ddbd5caf3e351eb045c17a9b97b1421f2295463ee8ccd95f13d8b35f6dd

SHA512
5dc5b745bb58f0ed72184b9532c58f9356b553883a8fb47df193894ab759dfd08f33b6c139a17e642aeac3cf5b677dc08da3f8335b15ca0688b154c962499978

Download Submit
memory/2652-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2652-3-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2652-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2652-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2652-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3028-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3028-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/3028-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3028-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3028-27-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/3028-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download