Analysis
- max time kernel: 122s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 17:44
Behavioral task: behavioral1
- Sample: 7520300cb3727b7a4a3576dcf611d52b.exe
- Resource: win7-20231215-en
General
- Target: 7520300cb3727b7a4a3576dcf611d52b.exe
- Size: 1.3MB
- MD5: 7520300cb3727b7a4a3576dcf611d52b
- SHA1: 5b34cc94b619be6b06a300011338df8f323d98c0
- SHA256: 6cc955a94103a3a92f1ca35a717a24edf2e08d0b6a6352f63e45aa786d8990b1
- SHA512: 5999c5ddcc925f6be81374aefd919c3c878c70611ebf1b22049f070ec80690489a94848742577aeee83861fe80e5ff1b17f61e14ad1b418a35a891498bc854c7
- SSDEEP: 24576:bLQ425dc0mCrvS1Jt9hP9NtpiCZG+dOfDZY/Ep/xFKBv0Zn218U9/9Us:nQNuCTSTP9fU+dOrS/ER1ZnsR9j
Signatures
- Deletes itself (1 IoC)
  Processes: PID 1404, 7520300cb3727b7a4a3576dcf611d52b.exe
- Executes dropped EXE (1 IoC)
  Processes: PID 1404, 7520300cb3727b7a4a3576dcf611d52b.exe
- Loads dropped DLL (1 IoC)
  Processes: PID 2440, 7520300cb3727b7a4a3576dcf611d52b.exe
- YARA rule matches (rule: upx)
  Resources:
  - behavioral1/memory/2440-0-0x0000000000400000-0x00000000008E7000-memory.dmp (upx)
  - \Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe (upx)
  - behavioral1/memory/1404-16-0x0000000000400000-0x00000000008E7000-memory.dmp (upx)
  - C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe (upx)
  - C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe (upx)
- Suspicious behavior: RenamesItself (1 IoC)
  Processes: PID 2440, 7520300cb3727b7a4a3576dcf611d52b.exe
- Suspicious use of UnmapMainImage (2 IoCs)
  Processes: PID 2440, 7520300cb3727b7a4a3576dcf611d52b.exe; PID 1404, 7520300cb3727b7a4a3576dcf611d52b.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: PID 2440 (7520300cb3727b7a4a3576dcf611d52b.exe) wrote to memory of PID 1404 (7520300cb3727b7a4a3576dcf611d52b.exe); all four recorded events are identical
Processes
- C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe (PID 2440)
  Command line: "C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe"
  - Loads dropped DLL
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe (PID 1404)
    Command line: C:\Users\Admin\AppData\Local\Temp\7520300cb3727b7a4a3576dcf611d52b.exe
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Downloads
- Filesize: 415KB
  MD5: 4cc68117fd479c8cb3d12f2bc95a6da0
  SHA1: e308bc0934185f4fb9fdd69fbd78684ec72c98b4
  SHA256: fc017d1038b9b61a3681c54f7615d62d960e8ffc04640c58c8cabc44ea121f82
  SHA512: 06396c35e6f1023060539c5c0cb503f19481cb6b58ff58b45591cf92ae783e9f0fabc8ae7ff74db5ef6370729d8ee697b1c22bbee1050289c5d5134d38dfcb14
- Filesize: 162KB
  MD5: 5ad790da2c4680cb41fdf477fbf80abc
  SHA1: 753f7a3f0c1560b602c9dae2fbb50db2a6cde705
  SHA256: a874b07129433188f03067da64fed62bdf2c0afe7c62ec7192c2a5257a1b04eb
  SHA512: 0ef53e96f78e0b07c8828391cc55091b64af69be32487613947943d0130ca6ecba5ab7b00672e9bd4e928dcfdedf2eb12d8a5ef0c0e5a98c9ff9486e1288ae97
- Filesize: 356KB
  MD5: 4f31b22190811d4d5d991cdf29927b24
  SHA1: c93763a4bcdff3c888aa853a168a3feb2217e6e2
  SHA256: 66601277efc850107a02b008ec323937f1c4803f6b8f706e2aedb6cc222e923a
  SHA512: 8f00bfde67083be02e3b7dfc2993369d7170733bd590879f1a485678283c4544f828ccf5cc35d7dd9002aa1cafa207457b27af548374fa5e179b010cc05fb44a