29b79e9553131e4866906744ed07a5896b622095376d0fe553934fa699b8f3a1

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-01-2024 04:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

766293eec2c624416a326e3f10434eca.exe
Size

1.3MB
MD5

766293eec2c624416a326e3f10434eca
SHA1

dd79dc64fdc9828bf3178cf3684cfa6f155dce90
SHA256

29b79e9553131e4866906744ed07a5896b622095376d0fe553934fa699b8f3a1
SHA512

146267f8e6f096f4a6b9ec7d0e893cb48fd79e64726a8ee2f28b9d7718cbd5a697efdf09fcf5e48efe83d814118d07762fd05695bf79e09cdad159e4c797f93a
SSDEEP

24576:KX4nwvufwfxGkfIV3uYkH2tFWe9KNUQ2CIX3mBt8vUAdDr2KhriOWc:KX4nwvuIUMXegNOmoUAxr2KliOp

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1936	766293eec2c624416a326e3f10434eca.exe

Executes dropped EXE 1 IoCs

pid	Process
1936	766293eec2c624416a326e3f10434eca.exe

Loads dropped DLL 1 IoCs

pid	Process
2244	766293eec2c624416a326e3f10434eca.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2244-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d0000000122a8-15.dat	upx
behavioral1/files/0x000d0000000122a8-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2244	766293eec2c624416a326e3f10434eca.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2244	766293eec2c624416a326e3f10434eca.exe
1936	766293eec2c624416a326e3f10434eca.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 1936	2244	766293eec2c624416a326e3f10434eca.exe	28
PID 2244 wrote to memory of 1936	2244	766293eec2c624416a326e3f10434eca.exe	28
PID 2244 wrote to memory of 1936	2244	766293eec2c624416a326e3f10434eca.exe	28
PID 2244 wrote to memory of 1936	2244	766293eec2c624416a326e3f10434eca.exe	28

C:\Users\Admin\AppData\Local\Temp\766293eec2c624416a326e3f10434eca.exe
"C:\Users\Admin\AppData\Local\Temp\766293eec2c624416a326e3f10434eca.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Users\Admin\AppData\Local\Temp\766293eec2c624416a326e3f10434eca.exe
  C:\Users\Admin\AppData\Local\Temp\766293eec2c624416a326e3f10434eca.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\766293eec2c624416a326e3f10434eca.exe

Filesize
514KB

MD5
ba945695674d1e74be535e21eb9e3e6f

SHA1
163cfb44d5610ceeb545c57d51b6ac904a818f26

SHA256
547f3a28db87e945569ead6b396239a19eeb6467e0104a5880c18d17cca15c23

SHA512
42f4b62eafee60a76387debf1efe484f31104ac3f377372deb0b26cda4eda4424683887291c0ee85667bdb501ca3861c17380aff8d6832e80ceaec6c1702af5a

Download Submit
\Users\Admin\AppData\Local\Temp\766293eec2c624416a326e3f10434eca.exe

Filesize
880KB

MD5
22a572e0ca28646f6f35a1e578264302

SHA1
14c1e90daf6114d6028eb9a05eb8cf3420482c10

SHA256
253a3d5207f29f78d8127975404dd445a7d6a2739e9caa5caeb3a92d17292f3e

SHA512
af26f2c4f3a7089f04c19968971fe7bbfe3bfa7e124235b88aa6836437d8cb1d41759358c713dc03f8ff91b7c4ffce7013a60d8931e07047d51dd6be17a99189

Download Submit
memory/1936-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1936-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1936-20-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1936-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1936-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1936-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2244-14-0x0000000003490000-0x000000000397F000-memory.dmp

Filesize
4.9MB

Download
memory/2244-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2244-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2244-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2244-1-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2244-31-0x0000000003490000-0x000000000397F000-memory.dmp

Filesize
4.9MB

Download