a972027264eebea9d9c1c2242115e80edd581572ba6614e7fdefa789b7b45c52

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

747d66d0e1bf70f3d469fce467df72a9.exe
Size

1.3MB
MD5

747d66d0e1bf70f3d469fce467df72a9
SHA1

5864d829d4b029db263f46b02277894c091efb24
SHA256

a972027264eebea9d9c1c2242115e80edd581572ba6614e7fdefa789b7b45c52
SHA512

e6d07149c835378dae2aaf729018a1f6cf5b57ebeaacf44733ee951867fd097bd1c10720a53527958c8c45cf3ec754a5c464400c761222754472af0fd3592462
SSDEEP

24576:lPzhBYN78bXJILlRh9/28l6EPJyYIe8JCpyoQgxdCDmV5Pmeir9MYT1jDHdLNWc:l9BEVxHo8l6EP0Yz6qyo7DBmeeXzJNp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2532	747d66d0e1bf70f3d469fce467df72a9.exe

Executes dropped EXE 1 IoCs

pid	Process
2532	747d66d0e1bf70f3d469fce467df72a9.exe

Loads dropped DLL 1 IoCs

pid	Process
2044	747d66d0e1bf70f3d469fce467df72a9.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2044-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012262-10.dat	upx
behavioral1/files/0x000b000000012262-15.dat	upx
behavioral1/memory/2532-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2044	747d66d0e1bf70f3d469fce467df72a9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2044	747d66d0e1bf70f3d469fce467df72a9.exe
2532	747d66d0e1bf70f3d469fce467df72a9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2532	2044	747d66d0e1bf70f3d469fce467df72a9.exe	28
PID 2044 wrote to memory of 2532	2044	747d66d0e1bf70f3d469fce467df72a9.exe	28
PID 2044 wrote to memory of 2532	2044	747d66d0e1bf70f3d469fce467df72a9.exe	28
PID 2044 wrote to memory of 2532	2044	747d66d0e1bf70f3d469fce467df72a9.exe	28

C:\Users\Admin\AppData\Local\Temp\747d66d0e1bf70f3d469fce467df72a9.exe
"C:\Users\Admin\AppData\Local\Temp\747d66d0e1bf70f3d469fce467df72a9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\747d66d0e1bf70f3d469fce467df72a9.exe
  C:\Users\Admin\AppData\Local\Temp\747d66d0e1bf70f3d469fce467df72a9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\747d66d0e1bf70f3d469fce467df72a9.exe

Filesize
567KB

MD5
cebb52ed9e13c2fbafde3e76816ac4ea

SHA1
c08e4fe5da1ba420ee8f14407f745bdc0167ea71

SHA256
d12009ac58576da525c7cb919bb6a14fa7bd4596f15046897fc7d2ebfad3d3b2

SHA512
a7f901ee6b01a81f8efab1daab042dfe2e1dfcf563f0dbff6d0b52f891a011b503ecbdc164a436cd1c0d688a2037d97222c3434c36feb08baccdb4bd31f1dd97

Download Submit
\Users\Admin\AppData\Local\Temp\747d66d0e1bf70f3d469fce467df72a9.exe

Filesize
810KB

MD5
0997ed27d7790d0688e77afb73eb91f3

SHA1
4bb18ae1c44c21f3ecbde5b4cf75d858f56b2034

SHA256
efa1892abf8e34d217d76c0bd73fa80bd8dca3f63402d741eaa08c4fe5c89995

SHA512
21ac4ae1b82cfb385a3b9d6d4bf29e4a79f471ed920a8fb94d2ec75919af52b7f1164b8191ef0dcd985c6fda9747b2984d1f127e7b58829ea92db79f021b85a5

Download Submit
memory/2044-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2044-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2044-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2044-14-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/2044-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2044-31-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/2532-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2532-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2532-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2532-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2532-24-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2532-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download