20e39920c10edd53d32965ecfc7dd018925542ec263704d1113bff1cd264eaf0

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 21:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7585bfa53322c05fec7dbeb703036bc8.exe
Size

10.6MB
MD5

7585bfa53322c05fec7dbeb703036bc8
SHA1

dec1afe83f0783febba64709d3418170ee4111b0
SHA256

20e39920c10edd53d32965ecfc7dd018925542ec263704d1113bff1cd264eaf0
SHA512

5fe2c0798768164bb91f17832063f2a9eeea5f32a1cad0797d290bf91f2a2dd63df390b3b8b44d624d60ac3a60cfe62379c04e7ef91b19fd903cb04dfc552e64
SSDEEP

196608:lAVX7YY3egXc+J16psDnuGHdm30iHI7mc+J16psYDpc+3NH7c+J16psDnuGHdm3X:GUBgx6puusI3OU6plDpc2f6puusI3OU/

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2740	7585bfa53322c05fec7dbeb703036bc8.exe

Executes dropped EXE 1 IoCs

pid	Process
2740	7585bfa53322c05fec7dbeb703036bc8.exe

Loads dropped DLL 1 IoCs

pid	Process
2988	7585bfa53322c05fec7dbeb703036bc8.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2988-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0009000000012287-10.dat	upx
behavioral1/files/0x0009000000012287-12.dat	upx
behavioral1/memory/2988-16-0x0000000004740000-0x0000000004C27000-memory.dmp	upx
behavioral1/files/0x0009000000012287-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2988	7585bfa53322c05fec7dbeb703036bc8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2988	7585bfa53322c05fec7dbeb703036bc8.exe
2740	7585bfa53322c05fec7dbeb703036bc8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2740	2988	7585bfa53322c05fec7dbeb703036bc8.exe	28
PID 2988 wrote to memory of 2740	2988	7585bfa53322c05fec7dbeb703036bc8.exe	28
PID 2988 wrote to memory of 2740	2988	7585bfa53322c05fec7dbeb703036bc8.exe	28
PID 2988 wrote to memory of 2740	2988	7585bfa53322c05fec7dbeb703036bc8.exe	28

C:\Users\Admin\AppData\Local\Temp\7585bfa53322c05fec7dbeb703036bc8.exe
"C:\Users\Admin\AppData\Local\Temp\7585bfa53322c05fec7dbeb703036bc8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Users\Admin\AppData\Local\Temp\7585bfa53322c05fec7dbeb703036bc8.exe
  C:\Users\Admin\AppData\Local\Temp\7585bfa53322c05fec7dbeb703036bc8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7585bfa53322c05fec7dbeb703036bc8.exe

Filesize
256KB

MD5
6c99961038f49c80a21cfb2b901eaea6

SHA1
0adf2abc57250600ba503b2cb2aa395b69a50cf4

SHA256
39b58f9950377c86dd40f4a348f5625d438db6d93c5e1aca994bca9d32c97600

SHA512
201ef68058fa43459776fb39fe81529b333284105dfb1d14aaef126a8b61fe466bcd12aac73b6500621590bb0ebf0a9ee3b20a3518e016d43d63a6eb4817f8ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\7585bfa53322c05fec7dbeb703036bc8.exe

Filesize
567KB

MD5
aa5244985db1c87238f6128b889fbff7

SHA1
b49a5a2d16efb2da1b2d296dab89f07a809536c0

SHA256
98f0beb4c7225991263291fa928d8bf5fffe6b0bc8d42fe37619683aee7989d7

SHA512
a591132cf1cfe5b0b255db25aed16d4b08add298b3e1719047e93b1a3a50e7271bb9863b84c8b9ba1b67e382eb16693cfbb0a865423acce578e47b38b25412a8

Download Submit
\Users\Admin\AppData\Local\Temp\7585bfa53322c05fec7dbeb703036bc8.exe

Filesize
1.1MB

MD5
63eaf1261559537818837476f1e0e4ea

SHA1
1fd80e5b7dbb75cc3686391f8dec9a72729daf36

SHA256
c8e6634059059bd129e0c017bfaeea3d69c35f9057e51d7a91d023c0e25d9eda

SHA512
98d9543264c0110b8b8aee729ad9a50563a0a75c4840567ff741a6548dfecd63c60fbf010e8e63e36aec4bd69470acd680e136df33f2b1efb6c940bc0a32f238

Download Submit
memory/2740-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2740-24-0x0000000003530000-0x0000000003752000-memory.dmp

Filesize
2.1MB

Download
memory/2740-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2740-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2740-19-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2740-21-0x00000000002C0000-0x00000000003F1000-memory.dmp

Filesize
1.2MB

Download
memory/2988-16-0x0000000004740000-0x0000000004C27000-memory.dmp

Filesize
4.9MB

Download
memory/2988-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2988-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2988-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2988-31-0x0000000004740000-0x0000000004C27000-memory.dmp

Filesize
4.9MB

Download
memory/2988-1-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download