99fcb2fe45a70252461012cb317824941477998e9dea1e5092ebf98755539f38

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7507f1b235ab4726a333ce4b9e1fd9b8.exe
Size

2.9MB
MD5

7507f1b235ab4726a333ce4b9e1fd9b8
SHA1

af99af4c6557a3d4ca5f635bddbc746b98b4894f
SHA256

99fcb2fe45a70252461012cb317824941477998e9dea1e5092ebf98755539f38
SHA512

515c75c61b6d4f6ac30bb928a95510e532e0408df8d5e14088cb37a1c966d92692da5f4484008789e8a00a176e30c1b244d1aa7f593aea8ef5dc54aa08466159
SSDEEP

49152:Y2a2sMazg8BzeVmlOtVpl60VsP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:Y21azg8oVmUhl6Qsgg3gnl/IVUs1jePs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

7507f1b235ab4726a333ce4b9e1fd9b8.exe

pid process

2812 7507f1b235ab4726a333ce4b9e1fd9b8.exe
Executes dropped EXE 1 IoCs

Processes:

7507f1b235ab4726a333ce4b9e1fd9b8.exe

pid process

2812 7507f1b235ab4726a333ce4b9e1fd9b8.exe
Loads dropped DLL 1 IoCs

Processes:

7507f1b235ab4726a333ce4b9e1fd9b8.exe

pid process

2244 7507f1b235ab4726a333ce4b9e1fd9b8.exe

pid	process
2812	7507f1b235ab4726a333ce4b9e1fd9b8.exe

pid	process
2812	7507f1b235ab4726a333ce4b9e1fd9b8.exe

pid	process
2244	7507f1b235ab4726a333ce4b9e1fd9b8.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2244-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\7507f1b235ab4726a333ce4b9e1fd9b8.exe	upx
behavioral1/memory/2244-13-0x00000000037F0000-0x0000000003CDF000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\7507f1b235ab4726a333ce4b9e1fd9b8.exe	upx
behavioral1/memory/2812-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

Processes:

7507f1b235ab4726a333ce4b9e1fd9b8.exe

pid process

2244 7507f1b235ab4726a333ce4b9e1fd9b8.exe
Suspicious use of UnmapMainImage 2 IoCs

Processes:

7507f1b235ab4726a333ce4b9e1fd9b8.exe7507f1b235ab4726a333ce4b9e1fd9b8.exe

pid process

2244 7507f1b235ab4726a333ce4b9e1fd9b8.exe
2812 7507f1b235ab4726a333ce4b9e1fd9b8.exe

pid	process
2244	7507f1b235ab4726a333ce4b9e1fd9b8.exe

pid	process
2244	7507f1b235ab4726a333ce4b9e1fd9b8.exe
2812	7507f1b235ab4726a333ce4b9e1fd9b8.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7507f1b235ab4726a333ce4b9e1fd9b8.exe

description	pid	process	target process
PID 2244 wrote to memory of 2812	2244	7507f1b235ab4726a333ce4b9e1fd9b8.exe	7507f1b235ab4726a333ce4b9e1fd9b8.exe
PID 2244 wrote to memory of 2812	2244	7507f1b235ab4726a333ce4b9e1fd9b8.exe	7507f1b235ab4726a333ce4b9e1fd9b8.exe
PID 2244 wrote to memory of 2812	2244	7507f1b235ab4726a333ce4b9e1fd9b8.exe	7507f1b235ab4726a333ce4b9e1fd9b8.exe
PID 2244 wrote to memory of 2812	2244	7507f1b235ab4726a333ce4b9e1fd9b8.exe	7507f1b235ab4726a333ce4b9e1fd9b8.exe

C:\Users\Admin\AppData\Local\Temp\7507f1b235ab4726a333ce4b9e1fd9b8.exe
"C:\Users\Admin\AppData\Local\Temp\7507f1b235ab4726a333ce4b9e1fd9b8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2244

C:\Users\Admin\AppData\Local\Temp\7507f1b235ab4726a333ce4b9e1fd9b8.exe
C:\Users\Admin\AppData\Local\Temp\7507f1b235ab4726a333ce4b9e1fd9b8.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7507f1b235ab4726a333ce4b9e1fd9b8.exe
Filesize
78KB

MD5
456f7e320c15740f60fbb4154c073ba0

SHA1
99e98a87c603ea739af12f220460392c75faf425

SHA256
23e4c62ea7bb774f10ef5cc34d08811517de1a15a80c272b416f745d63f225dc

SHA512
5608b4ec119a7257029ca3f8eba8c74f69db2d9f755b41a85da8477e656221bd1813e0c407dc78f99f3377c428d7fed98c73e5e1b1031147596dc178e667297b

Download Submit
\Users\Admin\AppData\Local\Temp\7507f1b235ab4726a333ce4b9e1fd9b8.exe
Filesize
479KB

MD5
d82a746cbd4b52e23dc1e8a7aa85bdf7

SHA1
8299b109cfb0beaed8333714f4ced67998a0307d

SHA256
330998d163beae240af0489e53cb35c45f24fcab8fe88b7d08acdd36bc72863a

SHA512
91a59192f59daaefcbbce54c38c5f505da1a4628a8274dbf8a8c631c2f85e6d6d11cd994f56b2b0074ee852148caa7dd81ee1fd633b39d46ac1a239df466ff05

Download Submit
memory/2244-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2244-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2244-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2244-13-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2244-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2812-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2812-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2812-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2812-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2812-24-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2812-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download