65bf3e9db02de820042e27e6a89acfb4259635e378ff48f5c266833c5f8c721a

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

747e077b94ea8c32a6e14bfd9f8ae887.exe
Size

2.7MB
MD5

747e077b94ea8c32a6e14bfd9f8ae887
SHA1

3b1e1f4099a7a0e5a6bbef2a437de1c02b3a237b
SHA256

65bf3e9db02de820042e27e6a89acfb4259635e378ff48f5c266833c5f8c721a
SHA512

71c53749bc7d0f8cb85bbf9c8b6f87c108172e2366150b7dd1fbfdf50cec50bd236a37e135f6b45812be8ad62828a6715c63ed8fd91d443b0437697b4805965d
SSDEEP

49152:6bjKyKQgaKnkbo8nvW3nM40rWTe7gMtGfzb0VMF2Ua4d3IpLfrpiuwCXf:gjytkb/n+3buWStGfidUaiMLDpJXf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2652	747e077b94ea8c32a6e14bfd9f8ae887.exe

Executes dropped EXE 1 IoCs

pid	Process
2652	747e077b94ea8c32a6e14bfd9f8ae887.exe

Loads dropped DLL 1 IoCs

pid	Process
1940	747e077b94ea8c32a6e14bfd9f8ae887.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1940-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012234-10.dat	upx
behavioral1/files/0x000b000000012234-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1940	747e077b94ea8c32a6e14bfd9f8ae887.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1940	747e077b94ea8c32a6e14bfd9f8ae887.exe
2652	747e077b94ea8c32a6e14bfd9f8ae887.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1940 wrote to memory of 2652	1940	747e077b94ea8c32a6e14bfd9f8ae887.exe	28
PID 1940 wrote to memory of 2652	1940	747e077b94ea8c32a6e14bfd9f8ae887.exe	28
PID 1940 wrote to memory of 2652	1940	747e077b94ea8c32a6e14bfd9f8ae887.exe	28
PID 1940 wrote to memory of 2652	1940	747e077b94ea8c32a6e14bfd9f8ae887.exe	28

C:\Users\Admin\AppData\Local\Temp\747e077b94ea8c32a6e14bfd9f8ae887.exe
"C:\Users\Admin\AppData\Local\Temp\747e077b94ea8c32a6e14bfd9f8ae887.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1940
- C:\Users\Admin\AppData\Local\Temp\747e077b94ea8c32a6e14bfd9f8ae887.exe
  C:\Users\Admin\AppData\Local\Temp\747e077b94ea8c32a6e14bfd9f8ae887.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\747e077b94ea8c32a6e14bfd9f8ae887.exe

Filesize
151KB

MD5
4ecceeb82c7bb0fdad347a46f61cb566

SHA1
65b63a9ee63d007c7492aab88c1cb2551345fe69

SHA256
8a5cf19c977890456c3450427381f4092a068b75bf88142bb4ad23e1c1edfdfc

SHA512
d6cf63d15c3bd5681cfd8a60c73e429afc0e5ea374a3b4af169af5a11da6d0519d14529f3ed53eaf074a90a762a3beb1cb7ca579c12f24da49b099b7dd42044a

Download Submit
\Users\Admin\AppData\Local\Temp\747e077b94ea8c32a6e14bfd9f8ae887.exe

Filesize
125KB

MD5
62234895aa09b2b54eb45746d9dc7525

SHA1
eea0fc57bea11903f355fbf02654665f3c819b2c

SHA256
95a6bfa4a9b9a4969a1aecf08f9e96425cd85b2a1d43cf654280fce8f279baec

SHA512
610cf1b257d101be78c090cb387409ad124715a3cae307bcc03a44bdc7c0843bdeb366adf821fd943311838c3e0caa3cd8c8c92143c417a1bf2b90c88408a658

Download Submit
memory/1940-15-0x0000000003770000-0x0000000003C5F000-memory.dmp

Filesize
4.9MB

Download
memory/1940-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1940-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1940-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1940-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2652-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2652-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2652-20-0x0000000000290000-0x00000000003C3000-memory.dmp

Filesize
1.2MB

Download
memory/2652-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2652-25-0x0000000003520000-0x000000000374A000-memory.dmp

Filesize
2.2MB

Download
memory/2652-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download