7dcc18b12aae37ba58e9bd85ed5cf6e450f554335b85ad0298e95167e4f69a11

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

206957f4d558b6f71ba17b59140ea2d3.exe
Size

5.8MB
MD5

206957f4d558b6f71ba17b59140ea2d3
SHA1

d35b797d604762514970a4d6d039b02a10f33ebc
SHA256

7dcc18b12aae37ba58e9bd85ed5cf6e450f554335b85ad0298e95167e4f69a11
SHA512

f2b58a0be9fd1535dbda868fae77869b2c0ff7d0597dc7231791edb688567020a8d6a84374cf725dc91d81f9a349ca023e214cf201ac44fee010fce5e74b1d98
SSDEEP

98304:vQ0aY4SGSSextaJ++AMgg3gnl/IVUs1jePssfnBz//1QvOBnZsgg3gnl/IVUs1jl:vQ0owjxoJ7gl/iBiPjpmv6nZIgl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2396	206957f4d558b6f71ba17b59140ea2d3.exe

Executes dropped EXE 1 IoCs

pid	Process
2396	206957f4d558b6f71ba17b59140ea2d3.exe

Loads dropped DLL 1 IoCs

pid	Process
1740	206957f4d558b6f71ba17b59140ea2d3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1740-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000800000001222d-13.dat	upx
behavioral1/files/0x000800000001222d-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1740	206957f4d558b6f71ba17b59140ea2d3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1740	206957f4d558b6f71ba17b59140ea2d3.exe
2396	206957f4d558b6f71ba17b59140ea2d3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2396	1740	206957f4d558b6f71ba17b59140ea2d3.exe	28
PID 1740 wrote to memory of 2396	1740	206957f4d558b6f71ba17b59140ea2d3.exe	28
PID 1740 wrote to memory of 2396	1740	206957f4d558b6f71ba17b59140ea2d3.exe	28
PID 1740 wrote to memory of 2396	1740	206957f4d558b6f71ba17b59140ea2d3.exe	28

C:\Users\Admin\AppData\Local\Temp\206957f4d558b6f71ba17b59140ea2d3.exe
"C:\Users\Admin\AppData\Local\Temp\206957f4d558b6f71ba17b59140ea2d3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\206957f4d558b6f71ba17b59140ea2d3.exe
  C:\Users\Admin\AppData\Local\Temp\206957f4d558b6f71ba17b59140ea2d3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\206957f4d558b6f71ba17b59140ea2d3.exe

Filesize
1.5MB

MD5
2c56a742e8980c4d93a3797f63af3762

SHA1
4a893df53e402f84af9c6390556113cdb84d76f1

SHA256
df33ce334cde9086f496739688957452f37bac1946f1f5a6c6d5089fbcaa4981

SHA512
a219f65d9464d5ef6a677a8b767a69ef9938844e533d520969a93b6b06d6271d3fafd321247803f3a75dbc693aaa50499ba69600cdf829252ee58a63199b8628

Download Submit
\Users\Admin\AppData\Local\Temp\206957f4d558b6f71ba17b59140ea2d3.exe

Filesize
1.2MB

MD5
3ae1b970f038d6a43db8f5d06a157c70

SHA1
8f0211c1febacccd45fdd4bda696177e8d0115de

SHA256
ec991801037f06f255f6d8611dea09ec88118429e418ad8600ef59c54409ac89

SHA512
6f000112fe53658b0ea18d247672944d675551784f8ee31fba3b786acb7749aa6562b56f71b95c1580ed84319bc5bf887bcd0d9ebe0efbcb222559a1150d985f

Download Submit
memory/1740-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1740-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1740-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/1740-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1740-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2396-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2396-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2396-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2396-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2396-23-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2396-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download