9ee318ca001462d02448523490e415897a34c7da63d185503d230a3753cfcd30

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7aa4bfa06f248f4450ce6a3e67c5f600.exe
Size

5.3MB
MD5

7aa4bfa06f248f4450ce6a3e67c5f600
SHA1

22a5b1fafe4004579f88b137b8c1725f4b05e967
SHA256

9ee318ca001462d02448523490e415897a34c7da63d185503d230a3753cfcd30
SHA512

4230704c0d144502076adad6092d421a721a0e70aa0ceea1ce2e755f237da8945a0deabd2913b30fb855a90b43f6b3c576234258a10fadaf15bbabd0e83afe4c
SSDEEP

98304:YuMGSeXTn8Cs/mjkHUv38C5hX+Ska4H/jckmNIqfDQWVA9qq8jUHUv38C5hX+SkJ:Ywz8Zmk0v38aXMBfjhiI3whjU0v38aXw

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1636	7aa4bfa06f248f4450ce6a3e67c5f600.exe

Executes dropped EXE 1 IoCs

pid	Process
1636	7aa4bfa06f248f4450ce6a3e67c5f600.exe

Loads dropped DLL 1 IoCs

pid	Process
2408	7aa4bfa06f248f4450ce6a3e67c5f600.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2408-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/memory/1636-15-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c0000000122f0-13.dat	upx
behavioral1/files/0x000c0000000122f0-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2408	7aa4bfa06f248f4450ce6a3e67c5f600.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2408	7aa4bfa06f248f4450ce6a3e67c5f600.exe
1636	7aa4bfa06f248f4450ce6a3e67c5f600.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 1636	2408	7aa4bfa06f248f4450ce6a3e67c5f600.exe	28
PID 2408 wrote to memory of 1636	2408	7aa4bfa06f248f4450ce6a3e67c5f600.exe	28
PID 2408 wrote to memory of 1636	2408	7aa4bfa06f248f4450ce6a3e67c5f600.exe	28
PID 2408 wrote to memory of 1636	2408	7aa4bfa06f248f4450ce6a3e67c5f600.exe	28

C:\Users\Admin\AppData\Local\Temp\7aa4bfa06f248f4450ce6a3e67c5f600.exe
"C:\Users\Admin\AppData\Local\Temp\7aa4bfa06f248f4450ce6a3e67c5f600.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Users\Admin\AppData\Local\Temp\7aa4bfa06f248f4450ce6a3e67c5f600.exe
  C:\Users\Admin\AppData\Local\Temp\7aa4bfa06f248f4450ce6a3e67c5f600.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7aa4bfa06f248f4450ce6a3e67c5f600.exe

Filesize
256KB

MD5
6f982ec82e3a095679f508784c8c1470

SHA1
7d5677d2826647c4ca6122892fe0fa04eb6752e4

SHA256
6616e31eb6bead16aa1608080129cf1a5036fff7c996e1cb6ba97755ddd9d940

SHA512
f20e16ec987d02edf9ac49ecc8a3934e9361a646312a5f39ed57d2aaccf853e0a7aa2c7df51cd1d83c93720c98163995f5389e673b2a48d77a9000cec826243e

Download Submit
\Users\Admin\AppData\Local\Temp\7aa4bfa06f248f4450ce6a3e67c5f600.exe

Filesize
231KB

MD5
4324f61aa5fbc1c64552c21ff69cd0fc

SHA1
9e9c9af4a866570b139bdc8c328cf8eb273f7400

SHA256
c5761dbbeea666d1aeecff5486ffca354073e4a274e1aa12d4047d80aa8815c6

SHA512
ae1d9e60e095d22b11dbd464b5faefd1229e5f3e8f00ffa1cbd7d60f667b0acc3dd962ff7fb3248dc0adefb2d5ab8c9add3bb2c16f9365db0b975804d11463b0

Download Submit
memory/1636-15-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1636-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1636-17-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1636-22-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1636-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/1636-30-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2408-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2408-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2408-2-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2408-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download