093b361f8baa22d254fcd24deac2ca3950cf65dd0140c922797c5c16f0460d21

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7511fb2fd7f8e6e176def8f6ed51d603.exe
Size

2.7MB
MD5

7511fb2fd7f8e6e176def8f6ed51d603
SHA1

64d04adbf22d9d48c6b511824dae04cbf26528b1
SHA256

093b361f8baa22d254fcd24deac2ca3950cf65dd0140c922797c5c16f0460d21
SHA512

ebeda17218d83423487ecfecc310230ff84c8081bc6be0a60fb1954966ac7072ecc3a7638aa33c92e47db9ad5b418b33913daccd2567838af3b71e880b6d5561
SSDEEP

49152:6RPBCO6zuVC5L/P+QxYyD6+eu6s66Ad8KnbxyYOGZgYs+H5mUp:SPBP6yVC5LeQxleur6tvy1aMUp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

7511fb2fd7f8e6e176def8f6ed51d603.exe

pid process

2724 7511fb2fd7f8e6e176def8f6ed51d603.exe
Executes dropped EXE 1 IoCs

Processes:

7511fb2fd7f8e6e176def8f6ed51d603.exe

pid process

2724 7511fb2fd7f8e6e176def8f6ed51d603.exe
Loads dropped DLL 1 IoCs

Processes:

7511fb2fd7f8e6e176def8f6ed51d603.exe

pid process

2260 7511fb2fd7f8e6e176def8f6ed51d603.exe

pid	process
2724	7511fb2fd7f8e6e176def8f6ed51d603.exe

pid	process
2724	7511fb2fd7f8e6e176def8f6ed51d603.exe

pid	process
2260	7511fb2fd7f8e6e176def8f6ed51d603.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2260-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\7511fb2fd7f8e6e176def8f6ed51d603.exe	upx
C:\Users\Admin\AppData\Local\Temp\7511fb2fd7f8e6e176def8f6ed51d603.exe	upx
behavioral1/memory/2724-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

Processes:

7511fb2fd7f8e6e176def8f6ed51d603.exe

pid process

2260 7511fb2fd7f8e6e176def8f6ed51d603.exe
Suspicious use of UnmapMainImage 2 IoCs

Processes:

7511fb2fd7f8e6e176def8f6ed51d603.exe7511fb2fd7f8e6e176def8f6ed51d603.exe

pid process

2260 7511fb2fd7f8e6e176def8f6ed51d603.exe
2724 7511fb2fd7f8e6e176def8f6ed51d603.exe

pid	process
2260	7511fb2fd7f8e6e176def8f6ed51d603.exe

pid	process
2260	7511fb2fd7f8e6e176def8f6ed51d603.exe
2724	7511fb2fd7f8e6e176def8f6ed51d603.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7511fb2fd7f8e6e176def8f6ed51d603.exe

description	pid	process	target process
PID 2260 wrote to memory of 2724	2260	7511fb2fd7f8e6e176def8f6ed51d603.exe	7511fb2fd7f8e6e176def8f6ed51d603.exe
PID 2260 wrote to memory of 2724	2260	7511fb2fd7f8e6e176def8f6ed51d603.exe	7511fb2fd7f8e6e176def8f6ed51d603.exe
PID 2260 wrote to memory of 2724	2260	7511fb2fd7f8e6e176def8f6ed51d603.exe	7511fb2fd7f8e6e176def8f6ed51d603.exe
PID 2260 wrote to memory of 2724	2260	7511fb2fd7f8e6e176def8f6ed51d603.exe	7511fb2fd7f8e6e176def8f6ed51d603.exe

C:\Users\Admin\AppData\Local\Temp\7511fb2fd7f8e6e176def8f6ed51d603.exe
"C:\Users\Admin\AppData\Local\Temp\7511fb2fd7f8e6e176def8f6ed51d603.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2260

C:\Users\Admin\AppData\Local\Temp\7511fb2fd7f8e6e176def8f6ed51d603.exe
C:\Users\Admin\AppData\Local\Temp\7511fb2fd7f8e6e176def8f6ed51d603.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7511fb2fd7f8e6e176def8f6ed51d603.exe
Filesize
69KB

MD5
f48499965c440d2c0896d49da2a617b5

SHA1
6a98e21d038674b4e266f36c04038151945080f1

SHA256
763f93fad3db05fae8945ee597e22e246fd59b5df8f04e50dfeeec2034e56ad3

SHA512
0af3f1c7d9ea0257b720d360bbcef8f44dcf7bb016c8e5da817e8048e43610ea86024a0a84cd09a3f281a61f4e16b194fee32218b14c0a9d1c3401978e676301

Download Submit
\Users\Admin\AppData\Local\Temp\7511fb2fd7f8e6e176def8f6ed51d603.exe
Filesize
242KB

MD5
2e9e84ad2dc2b375c5e9ffa89199e41b

SHA1
cae851c1f2aa0880a595f6d500be63793c58310b

SHA256
8667267af5308fd4230b953afc0a4533d97dbbfec547043b29c3bf23fb7a2ecd

SHA512
87eb47e8c2af1e48c45b9f05098cef46074795d2776a33c30a442f0d9096776b46b140771a8157b0f66f495b29265e7adca1691787420e1eaad7c8b63f5bd1d9

Download Submit
memory/2260-3-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2260-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2260-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2260-15-0x0000000003840000-0x0000000003D2F000-memory.dmp

Filesize
4.9MB

Download
memory/2260-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2260-31-0x0000000003840000-0x0000000003D2F000-memory.dmp

Filesize
4.9MB

Download
memory/2724-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2724-19-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2724-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2724-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2724-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2724-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download