b621c6e7d7e0469da0a7ea62ce79016fae190d61966fdd562a25c6a2ed3988d7

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7516655f9a83a003f195f8c50b0c9aa1.exe
Size

10.6MB
MD5

7516655f9a83a003f195f8c50b0c9aa1
SHA1

725407271eca425b5f66ceab858b0ef70e558032
SHA256

b621c6e7d7e0469da0a7ea62ce79016fae190d61966fdd562a25c6a2ed3988d7
SHA512

7e767c5c1e6ce03cc194fffdd9a17f41194e4bee8cf548191b5088027945a8e22952084465956f9db6e385db6824f51dfcf1a1639ea08e55c53efcae46ba93e7
SSDEEP

196608:xjA7PaEWByml5KIbEY5H9lkbt+WYl5KIbEY5H9lA:mPaE2y8QYFbabOQYFbA

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

7516655f9a83a003f195f8c50b0c9aa1.exe

pid process

2984 7516655f9a83a003f195f8c50b0c9aa1.exe
Executes dropped EXE 1 IoCs

Processes:

7516655f9a83a003f195f8c50b0c9aa1.exe

pid process

2984 7516655f9a83a003f195f8c50b0c9aa1.exe
Loads dropped DLL 1 IoCs

Processes:

7516655f9a83a003f195f8c50b0c9aa1.exe

pid process

1992 7516655f9a83a003f195f8c50b0c9aa1.exe

pid	process
2984	7516655f9a83a003f195f8c50b0c9aa1.exe

pid	process
2984	7516655f9a83a003f195f8c50b0c9aa1.exe

pid	process
1992	7516655f9a83a003f195f8c50b0c9aa1.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1992-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\7516655f9a83a003f195f8c50b0c9aa1.exe	upx
behavioral1/memory/2984-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\7516655f9a83a003f195f8c50b0c9aa1.exe	upx

Suspicious behavior: RenamesItself 1 IoCs

Processes:

7516655f9a83a003f195f8c50b0c9aa1.exe

pid process

1992 7516655f9a83a003f195f8c50b0c9aa1.exe
Suspicious use of UnmapMainImage 2 IoCs

Processes:

7516655f9a83a003f195f8c50b0c9aa1.exe7516655f9a83a003f195f8c50b0c9aa1.exe

pid process

1992 7516655f9a83a003f195f8c50b0c9aa1.exe
2984 7516655f9a83a003f195f8c50b0c9aa1.exe

pid	process
1992	7516655f9a83a003f195f8c50b0c9aa1.exe

pid	process
1992	7516655f9a83a003f195f8c50b0c9aa1.exe
2984	7516655f9a83a003f195f8c50b0c9aa1.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

7516655f9a83a003f195f8c50b0c9aa1.exe

description	pid	process	target process
PID 1992 wrote to memory of 2984	1992	7516655f9a83a003f195f8c50b0c9aa1.exe	7516655f9a83a003f195f8c50b0c9aa1.exe
PID 1992 wrote to memory of 2984	1992	7516655f9a83a003f195f8c50b0c9aa1.exe	7516655f9a83a003f195f8c50b0c9aa1.exe
PID 1992 wrote to memory of 2984	1992	7516655f9a83a003f195f8c50b0c9aa1.exe	7516655f9a83a003f195f8c50b0c9aa1.exe
PID 1992 wrote to memory of 2984	1992	7516655f9a83a003f195f8c50b0c9aa1.exe	7516655f9a83a003f195f8c50b0c9aa1.exe

C:\Users\Admin\AppData\Local\Temp\7516655f9a83a003f195f8c50b0c9aa1.exe
"C:\Users\Admin\AppData\Local\Temp\7516655f9a83a003f195f8c50b0c9aa1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1992

C:\Users\Admin\AppData\Local\Temp\7516655f9a83a003f195f8c50b0c9aa1.exe
C:\Users\Admin\AppData\Local\Temp\7516655f9a83a003f195f8c50b0c9aa1.exe
2⤵
- Deletes itself
- Executes dropped EXE
- Suspicious use of UnmapMainImage
PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7516655f9a83a003f195f8c50b0c9aa1.exe
Filesize
1.9MB

MD5
b38f44e2815e7d3f1d5eda33a5e403ad

SHA1
83178345fedd14308af1ceaf0b7698626a90ae0a

SHA256
cf47bd41e42e385a6362761e9996972898d2a119be705723d8f4ee32d882922f

SHA512
296598ad246b16270889b9b38d0c0d614dcd8d3b5c535413702682858e003bb2d76d7537e03d6e5064771d6d9522b22ad8e6bf83d0fa39e139ffd6e0e08c0284

Download Submit
\Users\Admin\AppData\Local\Temp\7516655f9a83a003f195f8c50b0c9aa1.exe
Filesize
1.7MB

MD5
bfda737fc4a8f78fe81f6cc81c3d1451

SHA1
7532609c3bd318515bc6155bfc8385dc38c3f6a1

SHA256
217f2fd61f68d4b694b4be3812991ecab92ffe40d8a2ed96b538c825b76f619a

SHA512
26955ae12ecbfb4ea52efcd3184a645c32e0093e4503906aadf41c175f1720b7b3b2ae45d75a4de37016992bf269496d6fe717ce2086da67238040877b29de23

Download Submit
memory/1992-3-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/1992-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1992-14-0x0000000004860000-0x0000000004D4F000-memory.dmp

Filesize
4.9MB

Download
memory/1992-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1992-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2984-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2984-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2984-19-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2984-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2984-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2984-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download