Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-01-2024 17:44

General

  • Target

    7520300cb3727b7a4a3576dcf611d52b.exe

  • Size

    1.3MB

  • MD5

    7520300cb3727b7a4a3576dcf611d52b

  • SHA1

    5b34cc94b619be6b06a300011338df8f323d98c0

  • SHA256

    6cc955a94103a3a92f1ca35a717a24edf2e08d0b6a6352f63e45aa786d8990b1

  • SHA512

    5999c5ddcc925f6be81374aefd919c3c878c70611ebf1b22049f070ec80690489a94848742577aeee83861fe80e5ff1b17f61e14ad1b418a35a891498bc854c7

  • SSDEEP

    24576:bLQ425dc0mCrvS1Jt9hP9NtpiCZG+dOfDZY/Ep/xFKBv0Zn218U9/9Us:nQNuCTSTP9fU+dOrS/ER1ZnsR9j

Score
7/10
upx

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of UnmapMainImage 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe
    "C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: RenamesItself
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:2440
    • C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe
      C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of UnmapMainImage
      PID:1404

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe

    Filesize

    415KB

    MD5

    4cc68117fd479c8cb3d12f2bc95a6da0

    SHA1

    e308bc0934185f4fb9fdd69fbd78684ec72c98b4

    SHA256

    fc017d1038b9b61a3681c54f7615d62d960e8ffc04640c58c8cabc44ea121f82

    SHA512

    06396c35e6f1023060539c5c0cb503f19481cb6b58ff58b45591cf92ae783e9f0fabc8ae7ff74db5ef6370729d8ee697b1c22bbee1050289c5d5134d38dfcb14

  • C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe

    Filesize

    162KB

    MD5

    5ad790da2c4680cb41fdf477fbf80abc

    SHA1

    753f7a3f0c1560b602c9dae2fbb50db2a6cde705

    SHA256

    a874b07129433188f03067da64fed62bdf2c0afe7c62ec7192c2a5257a1b04eb

    SHA512

    0ef53e96f78e0b07c8828391cc55091b64af69be32487613947943d0130ca6ecba5ab7b00672e9bd4e928dcfdedf2eb12d8a5ef0c0e5a98c9ff9486e1288ae97

  • \Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe

    Filesize

    356KB

    MD5

    4f31b22190811d4d5d991cdf29927b24

    SHA1

    c93763a4bcdff3c888aa853a168a3feb2217e6e2

    SHA256

    66601277efc850107a02b008ec323937f1c4803f6b8f706e2aedb6cc222e923a

    SHA512

    8f00bfde67083be02e3b7dfc2993369d7170733bd590879f1a485678283c4544f828ccf5cc35d7dd9002aa1cafa207457b27af548374fa5e179b010cc05fb44a

  • memory/1404-16-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

  • memory/1404-17-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

  • memory/1404-18-0x0000000000230000-0x0000000000361000-memory.dmp

    Filesize

    1.2MB

  • memory/1404-23-0x0000000000400000-0x0000000000616000-memory.dmp

    Filesize

    2.1MB

  • memory/1404-24-0x0000000003630000-0x0000000003852000-memory.dmp

    Filesize

    2.1MB

  • memory/1404-32-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

  • memory/2440-0-0x0000000000400000-0x00000000008E7000-memory.dmp

    Filesize

    4.9MB

  • memory/2440-14-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

  • memory/2440-2-0x00000000002B0000-0x00000000003E1000-memory.dmp

    Filesize

    1.2MB

  • memory/2440-13-0x0000000003380000-0x0000000003867000-memory.dmp

    Filesize

    4.9MB

  • memory/2440-1-0x0000000000400000-0x0000000000622000-memory.dmp

    Filesize

    2.1MB

  • memory/2440-31-0x0000000003380000-0x0000000003867000-memory.dmp

    Filesize

    4.9MB