7fab6caf09674636863dab788e1e1d2c27e29299d6eac3f534268d28d369d276

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6673a39c54943d413cea158f0268542c.exe
Size

5.8MB
MD5

6673a39c54943d413cea158f0268542c
SHA1

56bcbb80a5794885b64f39ca6dcac14d7111970d
SHA256

7fab6caf09674636863dab788e1e1d2c27e29299d6eac3f534268d28d369d276
SHA512

6b3987ec92b172db83167dac7d7cfb0769a8a65630736715d596cbd165439ef44404ec6409f7a53c0a38546304c46d021321a3947c464f15918951b217fa19a3
SSDEEP

98304:rYZkLVts5C+3Hau42c1joCjMPkNwk6lz93Ho+dhWfsQxq4GlxOHau42c1joCjMP3:dtR0auq1jI86d93HYfsQs4Gl2auq1jIH

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3040	6673a39c54943d413cea158f0268542c.exe

Executes dropped EXE 1 IoCs

pid	Process
3040	6673a39c54943d413cea158f0268542c.exe

Loads dropped DLL 1 IoCs

pid	Process
3036	6673a39c54943d413cea158f0268542c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3036-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d000000012262-10.dat	upx
behavioral1/files/0x000d000000012262-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3036	6673a39c54943d413cea158f0268542c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3036	6673a39c54943d413cea158f0268542c.exe
3040	6673a39c54943d413cea158f0268542c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 3040	3036	6673a39c54943d413cea158f0268542c.exe	28
PID 3036 wrote to memory of 3040	3036	6673a39c54943d413cea158f0268542c.exe	28
PID 3036 wrote to memory of 3040	3036	6673a39c54943d413cea158f0268542c.exe	28
PID 3036 wrote to memory of 3040	3036	6673a39c54943d413cea158f0268542c.exe	28

C:\Users\Admin\AppData\Local\Temp\6673a39c54943d413cea158f0268542c.exe
"C:\Users\Admin\AppData\Local\Temp\6673a39c54943d413cea158f0268542c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\6673a39c54943d413cea158f0268542c.exe
  C:\Users\Admin\AppData\Local\Temp\6673a39c54943d413cea158f0268542c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6673a39c54943d413cea158f0268542c.exe

Filesize
986KB

MD5
736c14938a3a1b90c5c8d066bd29e043

SHA1
80ec95232fccf37143a902e208208fd6c6ad8a9b

SHA256
9964472365627f331a2bd5f48cc952def604a7496fe5c9b646463e13bbc05659

SHA512
f26ffda049bb4a134bcf7927c36ab1172935581b572a718ff8007bd739404fb76e4062400636f1f9c8418d54f03cf8df3e614f7a64cad9b65845d8402a7f495e

Download Submit
\Users\Admin\AppData\Local\Temp\6673a39c54943d413cea158f0268542c.exe

Filesize
780KB

MD5
6d9c031cd5514246f36e8c77b021b413

SHA1
db2295363a8339c924f371adf249dabede2b5aed

SHA256
e22e01a5b638cc5ad2829533836c2ce9806b98407a9ff0f50c2380289b25fa59

SHA512
68ea84facbf4f3881acd91fb10ed522410d6b197d8dfddfc0b6df0ef19451b008e2f66a8760bd78afd2d6515f540ddab96c4fde1d1be3664d9a087c6621bbb95

Download Submit
memory/3036-3-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3036-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3036-16-0x0000000003F20000-0x000000000440F000-memory.dmp

Filesize
4.9MB

Download
memory/3036-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3036-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3036-31-0x0000000003F20000-0x000000000440F000-memory.dmp

Filesize
4.9MB

Download
memory/3040-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3040-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3040-20-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/3040-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/3040-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3040-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download