4dc3709422c33a80b51177693a7d6d15ea9b01cd37a3f4966677c5750f4a165d

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 05:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7196651d87a1a98e4e893ce551ea4a2d.exe
Size

1.5MB
MD5

7196651d87a1a98e4e893ce551ea4a2d
SHA1

92cb9a414fee5030da6491cf0931e10b2e995d92
SHA256

4dc3709422c33a80b51177693a7d6d15ea9b01cd37a3f4966677c5750f4a165d
SHA512

32d5b9d94c570ba11ca2702b9ca6094877a779655a822b28c79313ccfec4b768d813c3bb047ac1a9f26a6a325e9b2cb7d95d015d21ff018e5c2ff4584e626e98
SSDEEP

24576:/PYfWphKULAQfrpyyuQGWFVw9HWrAXsiVkfPgQr7Q9xzr/mq84pQW:zPKU8SXu7HdXsiagYUzzrxpQ

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1980	7196651d87a1a98e4e893ce551ea4a2d.exe

Executes dropped EXE 1 IoCs

pid	Process
1980	7196651d87a1a98e4e893ce551ea4a2d.exe

Loads dropped DLL 1 IoCs

pid	Process
2016	7196651d87a1a98e4e893ce551ea4a2d.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2016-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012258-10.dat	upx
behavioral1/files/0x000c000000012258-12.dat	upx
behavioral1/memory/1980-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c000000012258-15.dat	upx
behavioral1/memory/2016-14-0x0000000003800000-0x0000000003CEF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2016	7196651d87a1a98e4e893ce551ea4a2d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2016	7196651d87a1a98e4e893ce551ea4a2d.exe
1980	7196651d87a1a98e4e893ce551ea4a2d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1980	2016	7196651d87a1a98e4e893ce551ea4a2d.exe	28
PID 2016 wrote to memory of 1980	2016	7196651d87a1a98e4e893ce551ea4a2d.exe	28
PID 2016 wrote to memory of 1980	2016	7196651d87a1a98e4e893ce551ea4a2d.exe	28
PID 2016 wrote to memory of 1980	2016	7196651d87a1a98e4e893ce551ea4a2d.exe	28

C:\Users\Admin\AppData\Local\Temp\7196651d87a1a98e4e893ce551ea4a2d.exe
"C:\Users\Admin\AppData\Local\Temp\7196651d87a1a98e4e893ce551ea4a2d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Users\Admin\AppData\Local\Temp\7196651d87a1a98e4e893ce551ea4a2d.exe
  C:\Users\Admin\AppData\Local\Temp\7196651d87a1a98e4e893ce551ea4a2d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7196651d87a1a98e4e893ce551ea4a2d.exe

Filesize
469KB

MD5
79565d1edddbd7493535e513fc1247da

SHA1
d79ca6d35a1e5a43ea5e18425a33dcf1c8f850c8

SHA256
644a8290e9dae6314b5dae9312ddc225304f8552346815b4c04ec672ce560370

SHA512
770a19c28a57e5f837da67aacd4f8a631916a46ff6665912cda71db6b0374a17511bcdb80ae031c50c4d1baa3294105db719045d46ec43ed31c99f91214c9bba

Download Submit
C:\Users\Admin\AppData\Local\Temp\7196651d87a1a98e4e893ce551ea4a2d.exe

Filesize
721KB

MD5
c86004b3feab2253189217234df310e0

SHA1
5daef579fc99b3b5294f1b6c1194de00dab9d4cd

SHA256
c044af4afadcbe70f458f5b418af702ba84af4539b9ae7818f7def45799d3259

SHA512
b34abb20eff56f6c3eb4001f34b205042e0912d3c67583b85896d5d553a1336c99f4865e418691608f2143d9e9762a79f93ca1b65b3648e6f1a361ecdc228343

Download Submit
\Users\Admin\AppData\Local\Temp\7196651d87a1a98e4e893ce551ea4a2d.exe

Filesize
635KB

MD5
90d0a1ae97d397576676be384bfa8f21

SHA1
73f161508ff81e8691e3ee551fa43b54f2661c3d

SHA256
f15cf1be8d67604c8a3888a4c0fe06d96eac2a4a4c79ccd7815a27834ec04b5f

SHA512
02e0471cbbc03144a2919c0fc27afa33e14d429dc666ea57e375d9abe6271ade598a4388f84fee2e3e909287e2cd63ae1be8b3eafbe4fa09609b6c6e16609408

Download Submit
memory/1980-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1980-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1980-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1980-24-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/1980-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1980-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2016-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2016-3-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2016-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2016-14-0x0000000003800000-0x0000000003CEF000-memory.dmp

Filesize
4.9MB

Download
memory/2016-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2016-31-0x0000000003800000-0x0000000003CEF000-memory.dmp

Filesize
4.9MB

Download