7ba7579219b35bb4be8748738ea17e769422470c9fcc15dcb5eb500a29d47263

Analysis

max time kernel
122s
max time network
164s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

058ddef4388ffc8e797d8cc245cc7af1.exe
Size

5.3MB
MD5

058ddef4388ffc8e797d8cc245cc7af1
SHA1

402809ca5b4ae2cfcfea1c69396f3734850912b6
SHA256

7ba7579219b35bb4be8748738ea17e769422470c9fcc15dcb5eb500a29d47263
SHA512

43ea62a7fadee05ce7752082b6de89b4a5e0bf27382c20cc43773525106dd9dedea0c862420cdac4fe0bbe516c85703d0f39a9416603a9c20038971e182723bf
SSDEEP

98304:BqyTRwFDFu+jAl8H7d8JpmmV91oqzHvVGVf+jY/UvJQc4H7d8JpmmV91oqzHj:BqyTiDtjU8bd8JYmhtPjs/UvJP4bd8JR

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2896	058ddef4388ffc8e797d8cc245cc7af1.exe

Executes dropped EXE 1 IoCs

pid	Process
2896	058ddef4388ffc8e797d8cc245cc7af1.exe

Loads dropped DLL 1 IoCs

pid	Process
2784	058ddef4388ffc8e797d8cc245cc7af1.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2784-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c000000012337-10.dat	upx
behavioral1/memory/2784-13-0x0000000003CA0000-0x0000000004187000-memory.dmp	upx
behavioral1/memory/2896-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000c000000012337-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2784	058ddef4388ffc8e797d8cc245cc7af1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2784	058ddef4388ffc8e797d8cc245cc7af1.exe
2896	058ddef4388ffc8e797d8cc245cc7af1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2896	2784	058ddef4388ffc8e797d8cc245cc7af1.exe	27
PID 2784 wrote to memory of 2896	2784	058ddef4388ffc8e797d8cc245cc7af1.exe	27
PID 2784 wrote to memory of 2896	2784	058ddef4388ffc8e797d8cc245cc7af1.exe	27
PID 2784 wrote to memory of 2896	2784	058ddef4388ffc8e797d8cc245cc7af1.exe	27

C:\Users\Admin\AppData\Local\Temp\058ddef4388ffc8e797d8cc245cc7af1.exe
"C:\Users\Admin\AppData\Local\Temp\058ddef4388ffc8e797d8cc245cc7af1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Users\Admin\AppData\Local\Temp\058ddef4388ffc8e797d8cc245cc7af1.exe
  C:\Users\Admin\AppData\Local\Temp\058ddef4388ffc8e797d8cc245cc7af1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\058ddef4388ffc8e797d8cc245cc7af1.exe

Filesize
1.2MB

MD5
f6b4c7401baceed7b65860e46ff8fd7f

SHA1
895d7373ea17b1f24563c58910bb5085af8494aa

SHA256
9b55ddc8ab93fac73ffb120203ca1240ac2acac5cab206e27600ce427a672496

SHA512
537253ca37036bd033f2a4d3f64b4a2c8b5a1a769f49f684e86a4ae6ea22c7d11cfafec1524147cb041b00d9e3c9e48f657c5bde55614b18e1874a5408ded556

Download Submit
\Users\Admin\AppData\Local\Temp\058ddef4388ffc8e797d8cc245cc7af1.exe

Filesize
1.0MB

MD5
a3acd840c30c54075794b0d47f5619df

SHA1
d7aedf35d5484f1920a549556b2e4d480cf49275

SHA256
38f6da20ca67992da4a96be7aa327c83fe97da668033f5ae9f3c5064a32c20d6

SHA512
09dc877f4be5f52ada82cc5594d5bd6f89849976c385d7af4e5b8dd4186889c20134f770ffe621b29054a1731e195f717e368401ce1573958e31daf341b8154a

Download Submit
memory/2784-30-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download
memory/2784-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2784-3-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2784-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2784-13-0x0000000003CA0000-0x0000000004187000-memory.dmp

Filesize
4.9MB

Download
memory/2784-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2896-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2896-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2896-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2896-25-0x0000000003510000-0x0000000003732000-memory.dmp

Filesize
2.1MB

Download
memory/2896-18-0x00000000002A0000-0x00000000003D1000-memory.dmp

Filesize
1.2MB

Download
memory/2896-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download