b1185174f488fee7e7507f71354454efe40d3db14963778b94bbd3dea7ea9f4e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 23:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7320a9b5094b71e8024eabde572315f0.exe
Size

2.7MB
MD5

7320a9b5094b71e8024eabde572315f0
SHA1

f629ce7c593cb781228c001bac1f975ec155f3d7
SHA256

b1185174f488fee7e7507f71354454efe40d3db14963778b94bbd3dea7ea9f4e
SHA512

e7bdac0bd331dd2bd0d8a54ee569b50e53d643542edc4bc3730ca1cf5f8381e6d6f4f4fbcdacf4c356fbb5e087a048ae2b2b6a9b296b83b75b36ee71f4d0c8c8
SSDEEP

49152:QGv04PEhqgmCbcylsUeUua0md21TL8XcsvLo8QCv:QGc4PEhEcHpua0hIMsvLo8QC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2148	7320a9b5094b71e8024eabde572315f0.exe

Executes dropped EXE 1 IoCs

pid	Process
2148	7320a9b5094b71e8024eabde572315f0.exe

Loads dropped DLL 1 IoCs

pid	Process
2532	7320a9b5094b71e8024eabde572315f0.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2532-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000d000000012246-16.dat	upx
behavioral1/files/0x000d000000012246-13.dat	upx
behavioral1/files/0x000d000000012246-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2532	7320a9b5094b71e8024eabde572315f0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2532	7320a9b5094b71e8024eabde572315f0.exe
2148	7320a9b5094b71e8024eabde572315f0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2148	2532	7320a9b5094b71e8024eabde572315f0.exe	28
PID 2532 wrote to memory of 2148	2532	7320a9b5094b71e8024eabde572315f0.exe	28
PID 2532 wrote to memory of 2148	2532	7320a9b5094b71e8024eabde572315f0.exe	28
PID 2532 wrote to memory of 2148	2532	7320a9b5094b71e8024eabde572315f0.exe	28

C:\Users\Admin\AppData\Local\Temp\7320a9b5094b71e8024eabde572315f0.exe
"C:\Users\Admin\AppData\Local\Temp\7320a9b5094b71e8024eabde572315f0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\7320a9b5094b71e8024eabde572315f0.exe
  C:\Users\Admin\AppData\Local\Temp\7320a9b5094b71e8024eabde572315f0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7320a9b5094b71e8024eabde572315f0.exe

Filesize
428KB

MD5
06d3cded0ccd8c21a3a689e68a0c4338

SHA1
cceb108d369b7655438702696380151ef1641b61

SHA256
357b15fb635e0bbd99b11f009c4d94b7b0bfc523d034f49a4758378e93145023

SHA512
dd9b875856053296e344b983059b545acfcc795843aef8eec685d16714d3762730ebd415a5d6898861851720b23dabe19b76a0c93ac3012f7cc49d4d00ffa762

Download Submit
C:\Users\Admin\AppData\Local\Temp\7320a9b5094b71e8024eabde572315f0.exe

Filesize
291KB

MD5
19b0a1fcc3576e20a05aa3a5272af385

SHA1
31543604405eb215b70c24866c93a66acf60bfc4

SHA256
006e5c4c2c299b9aab253c42d8788ea6ade7848c0ededbc44b35d73d171f2e81

SHA512
ad258d4d9e49bcb3bebbfedea30b8bc07b82ea397dfaa2ab37ebd490d5c4ce6823637523994bc7a3d568c74c17128bac772df1aa9211b91e6e4120da8f775394

Download Submit
\Users\Admin\AppData\Local\Temp\7320a9b5094b71e8024eabde572315f0.exe

Filesize
350KB

MD5
1ccae09308ddda90220e1c22ad713da0

SHA1
c2dcf70111783228a2c564169ad7daf2de9026d4

SHA256
6f2472579bb29b610d768ca16bf0deaa026134f8eef1c7d78b223c77ecb4a35d

SHA512
63b6b4182491bb40e3b70ab75e2545dde39cdf72728b240641369be8d7a7fe919fb842fc922c4a388faa12fa04ad6712a3524136de23b8c563ffbfada02538db

Download Submit
memory/2148-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2148-19-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2148-21-0x0000000000290000-0x00000000003A2000-memory.dmp

Filesize
1.1MB

Download
memory/2148-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2532-2-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2532-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2532-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2532-14-0x00000000036C0000-0x0000000003B2A000-memory.dmp

Filesize
4.4MB

Download
memory/2532-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2532-26-0x00000000036C0000-0x0000000003B2A000-memory.dmp

Filesize
4.4MB

Download