7b411e571ac9694c9297c94b67c67df6aa99335c5e7f04e7c3a5e7114a083aad

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 10:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

747a26af9f49eb4ac87cbf58c42b0f20.exe
Size

2.7MB
MD5

747a26af9f49eb4ac87cbf58c42b0f20
SHA1

f8c868ac113fc86e6975fc0b521bee3e66233e22
SHA256

7b411e571ac9694c9297c94b67c67df6aa99335c5e7f04e7c3a5e7114a083aad
SHA512

b7c64c39857db72b121a5be063bdc6d2b51db73c08f892cf1f953d29528310806db7156941b678d1430e95e000389a688e48d4aa741783ba382c7605c1048e03
SSDEEP

49152:j6zXFgTAD4DeGgGVKerfXzAX/xPaRXP1amouAuy9bEv7qtLmD4:jEOnDezG/Lj4/xSRf1amawomD

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1736	747a26af9f49eb4ac87cbf58c42b0f20.exe

Executes dropped EXE 1 IoCs

pid	Process
1736	747a26af9f49eb4ac87cbf58c42b0f20.exe

Loads dropped DLL 1 IoCs

pid	Process
3040	747a26af9f49eb4ac87cbf58c42b0f20.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3040-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a0000000133a9-14.dat	upx
behavioral1/files/0x000a0000000133a9-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3040	747a26af9f49eb4ac87cbf58c42b0f20.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3040	747a26af9f49eb4ac87cbf58c42b0f20.exe
1736	747a26af9f49eb4ac87cbf58c42b0f20.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 1736	3040	747a26af9f49eb4ac87cbf58c42b0f20.exe	28
PID 3040 wrote to memory of 1736	3040	747a26af9f49eb4ac87cbf58c42b0f20.exe	28
PID 3040 wrote to memory of 1736	3040	747a26af9f49eb4ac87cbf58c42b0f20.exe	28
PID 3040 wrote to memory of 1736	3040	747a26af9f49eb4ac87cbf58c42b0f20.exe	28

C:\Users\Admin\AppData\Local\Temp\747a26af9f49eb4ac87cbf58c42b0f20.exe
"C:\Users\Admin\AppData\Local\Temp\747a26af9f49eb4ac87cbf58c42b0f20.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\747a26af9f49eb4ac87cbf58c42b0f20.exe
  C:\Users\Admin\AppData\Local\Temp\747a26af9f49eb4ac87cbf58c42b0f20.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\747a26af9f49eb4ac87cbf58c42b0f20.exe

Filesize
369KB

MD5
9f8fe203285661dcc399ca1ad185dd46

SHA1
9996ed5d58d53148ad1cbd95ce47c6d6f468a35c

SHA256
a0d84ea8dded07c570cdda888ff9fc7e6c56ce70973244c2a4afc9419d4cc540

SHA512
b57b16bd658384f8e8f038d92a519fcf11a9f1039b6616ba4ed06a8a64b83e0329c4a8b502384358e193428fb16aceb0a7e02a8799725f107e74e346ca9259e6

Download Submit
\Users\Admin\AppData\Local\Temp\747a26af9f49eb4ac87cbf58c42b0f20.exe

Filesize
605KB

MD5
9a19975c4f9edb4804423264571358cb

SHA1
65faf34548acfe61980e4c4c31ce03952b2da8ac

SHA256
6a5692602b7f9209f7836590018d90e8dca8122cc5bb4550b4a73333f70fb092

SHA512
92e5bcb0472616114c6112ab127d6460f13db943427df5f63d5a7c7b09fc05c860bd3a11fa49f0691847e2b0ce39ac13396415dc29765024ec61456a5cb11205

Download Submit
memory/1736-17-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1736-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1736-19-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1736-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3040-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3040-1-0x00000000002B0000-0x00000000003C2000-memory.dmp

Filesize
1.1MB

Download
memory/3040-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3040-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download