6ddb0b6b5e144b04775ac4ecac6384c61cb903bdec7d854b9f1f99d0000faea7

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79d7d6c2449d71c5f57e3d7274cecc42.exe
Size

76KB
MD5

79d7d6c2449d71c5f57e3d7274cecc42
SHA1

37b651e35c3ffd1641a818ab4a0df7c7054ebe2d
SHA256

6ddb0b6b5e144b04775ac4ecac6384c61cb903bdec7d854b9f1f99d0000faea7
SHA512

da0d159e88b979f2b9b5270a54a9120d284687d31b1086d5eef66a9e71f7281e9bab2da2bf844d226c63cf6430f8cccb2bbb2a6c968e9e421ebc9015a16f3aee
SSDEEP

1536:i0iA2Dg42PQe1l1mwSHkWlxOyFNbvEJ3D6ZWJzzED:32J8QFHLOyHbMJT+Ozg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2192-0-0x0000000000400000-0x0000000000425000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\KKYECa7cX	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\kc5EkqCghH	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\gNADHr	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\oSIru3SWY	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\xO8HATyLOY	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\aGAhEhsUk	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\xcYbidTs	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\O7E1iaf22s	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\BNL5qes	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\VYheTgWVhv	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\jvCdUC	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\N5hbL6aH	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\u8Qfaq	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\DX7CfXOvPi	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\wFyfJt	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\ekHFhX4c	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\xNiEn	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\pXNtfL	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\Xs6kVY	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\bfxio	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\kAcXHdPa	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\djc3GMAv	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\OerVNcIU	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\8PpDHAfK3i	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\nlFAbIa	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\qWab5IJ	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\CCLOgpM	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\BhsWaf	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\mAn1T2tUw	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\iMBu3o	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\T3kUj	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\3tDqVkUOoG	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\icybByB7U	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\kXEPL1AT3	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\SHAcB	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\eXywNfD	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\8EAjHymp	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\BliukY4HP	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\oF1CKLrj	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\78ErIXU	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\vxy1p3	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\Y6NxdTNG	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\urWpo	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\C7XHWqda3J	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\QBlXkV4	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\7BP46dfh	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\qqtX4	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\AqcTjYS4	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\XeBrLSBhFa	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\phEx45E	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\qF7MFv	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\6foPCe7qNo	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\vARUH	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\144jkRfYe5	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\Ggic7	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\31smHNO	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\AE5mB2cG7	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\8DDlY	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\v7VdnYqe	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\M5UPkoM	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\EsxjCr	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\K1288ihQ	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\k2UcdPmmu	79d7d6c2449d71c5f57e3d7274cecc42.exe
File opened for modification	C:\Windows\TtMYc336j	79d7d6c2449d71c5f57e3d7274cecc42.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2192	79d7d6c2449d71c5f57e3d7274cecc42.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2192	79d7d6c2449d71c5f57e3d7274cecc42.exe
2192	79d7d6c2449d71c5f57e3d7274cecc42.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2192	79d7d6c2449d71c5f57e3d7274cecc42.exe

C:\Users\Admin\AppData\Local\Temp\79d7d6c2449d71c5f57e3d7274cecc42.exe
"C:\Users\Admin\AppData\Local\Temp\79d7d6c2449d71c5f57e3d7274cecc42.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious behavior: RenamesItself
PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2192-0-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2192-108-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2192-109-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2192-110-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2192-111-0x00000000002D0000-0x00000000002D9000-memory.dmp

Filesize
36KB

Download
memory/2192-112-0x00000000002D0000-0x00000000002D9000-memory.dmp

Filesize
36KB

Download