24808c8c5026c79ca0dfa979a0b1591d4df20cc67f95b251ae291e90baf6e42d

Analysis

max time kernel
3s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7cb4820cf4cdf6da34612b949b979c95.exe
Size

281KB
MD5

7cb4820cf4cdf6da34612b949b979c95
SHA1

df99f0410946fe99dab3004a8d41c8851f0232e8
SHA256

24808c8c5026c79ca0dfa979a0b1591d4df20cc67f95b251ae291e90baf6e42d
SHA512

5897b8601c8f80cf150425524d2f9fbf890acb28a0349ea92f245fbda4ff34fdb318893153a3c520ba727bf6ce2dec5999b16df002e2f5147816fdb3f4f154f0
SSDEEP

3072:R9ZNYpBPXgXPeeUaVfY9BI51P/DI9wabtli5JN2:RpGPXgXPemY9BI5BPaW9

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2884	msa.exe

UPX packed file 14 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3008-1-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2884-15-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/3008-38532-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2884-38533-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/3008-38534-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2884-38536-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2884-38537-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2884-38538-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2884-38539-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2884-38540-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2884-38541-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2884-38542-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2884-38543-0x0000000000400000-0x0000000000469000-memory.dmp	upx
behavioral1/memory/2884-38544-0x0000000000400000-0x0000000000469000-memory.dmp	upx

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	7cb4820cf4cdf6da34612b949b979c95.exe
File created	C:\Windows\msa.exe	7cb4820cf4cdf6da34612b949b979c95.exe
File opened for modification	C:\Windows\msa.exe	7cb4820cf4cdf6da34612b949b979c95.exe
File created	C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job	7cb4820cf4cdf6da34612b949b979c95.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3008	7cb4820cf4cdf6da34612b949b979c95.exe
2884	msa.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2884	3008	7cb4820cf4cdf6da34612b949b979c95.exe	28
PID 3008 wrote to memory of 2884	3008	7cb4820cf4cdf6da34612b949b979c95.exe	28
PID 3008 wrote to memory of 2884	3008	7cb4820cf4cdf6da34612b949b979c95.exe	28
PID 3008 wrote to memory of 2884	3008	7cb4820cf4cdf6da34612b949b979c95.exe	28

C:\Users\Admin\AppData\Local\Temp\7cb4820cf4cdf6da34612b949b979c95.exe
"C:\Users\Admin\AppData\Local\Temp\7cb4820cf4cdf6da34612b949b979c95.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\msa.exe
  C:\Windows\msa.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2884-38538-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38543-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-15-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38539-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38533-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38548-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38536-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38537-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38547-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38540-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38546-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38541-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38542-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38545-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/2884-38544-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/3008-1-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/3008-38532-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download
memory/3008-0-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download
memory/3008-38534-0x0000000000400000-0x0000000000469000-memory.dmp

Filesize
420KB

Download