fa0a9ee26d02a444c2eb0f05449f74ccf1ae4b96988576e640014db33018df97

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 04:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7666631340601c748c0b9cb8affa02db.exe
Size

5.8MB
MD5

7666631340601c748c0b9cb8affa02db
SHA1

b463ac7a8b4eea1e5a48b0170a6a15e70c390e25
SHA256

fa0a9ee26d02a444c2eb0f05449f74ccf1ae4b96988576e640014db33018df97
SHA512

1df46294d7f989aa9735a9cd16b3559797a3ce7c6e2a9f1f7e7952a6a8ef730860aab082bb2680986670c2f22a514511dc129397b8f9d978e00acc25bbe5499d
SSDEEP

98304:85mdM5JhLlvFhiY1gg3gnl/IVUs1jePsfk9AIE9GWiWDDPbkUwcgg3gnl/IVUs1h:Ip5dvntDgl/iBiP+k9AeWUUwYgl/iBiP

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3032	7666631340601c748c0b9cb8affa02db.exe

Executes dropped EXE 1 IoCs

pid	Process
3032	7666631340601c748c0b9cb8affa02db.exe

Loads dropped DLL 1 IoCs

pid	Process
1948	7666631340601c748c0b9cb8affa02db.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1948-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00080000000120f8-10.dat	upx
behavioral1/files/0x00080000000120f8-13.dat	upx
behavioral1/memory/3032-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1948	7666631340601c748c0b9cb8affa02db.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1948	7666631340601c748c0b9cb8affa02db.exe
3032	7666631340601c748c0b9cb8affa02db.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 3032	1948	7666631340601c748c0b9cb8affa02db.exe	28
PID 1948 wrote to memory of 3032	1948	7666631340601c748c0b9cb8affa02db.exe	28
PID 1948 wrote to memory of 3032	1948	7666631340601c748c0b9cb8affa02db.exe	28
PID 1948 wrote to memory of 3032	1948	7666631340601c748c0b9cb8affa02db.exe	28

C:\Users\Admin\AppData\Local\Temp\7666631340601c748c0b9cb8affa02db.exe
"C:\Users\Admin\AppData\Local\Temp\7666631340601c748c0b9cb8affa02db.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\7666631340601c748c0b9cb8affa02db.exe
  C:\Users\Admin\AppData\Local\Temp\7666631340601c748c0b9cb8affa02db.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7666631340601c748c0b9cb8affa02db.exe

Filesize
309KB

MD5
3352097531ad9625aeb90d832f189d6c

SHA1
4f6b51c6d2c8a04dc5609f6856d25ef4c06a2ea2

SHA256
3a2b935531cba2f11eee82393a646c8a677c7a25d8fe0934a0082bba8092a3d0

SHA512
e5f243edfcecad16d1e16fbf234023f97d88837f379f3c914f863f4eb6a59bfd437ad430f8f8dda533c1c927b7417c223ac3a9bbf2280d4c94126cc8d9195472

Download Submit
\Users\Admin\AppData\Local\Temp\7666631340601c748c0b9cb8affa02db.exe

Filesize
573KB

MD5
cb8e833a760d6a63dc30e282cf2f00b7

SHA1
1699549b4960eb930c879aa8c50874f6535457a6

SHA256
c5c3992bcb97b76938ecc5fcae3a7c5940b5745065e3ed788c42db08d22d7bbf

SHA512
34169fb59e192aa3f618790348c56e2f5908ab29c797833d7589c2c0891b66a98ed02e9be2d60b2adcc61f6928d5adcf488ce80628ac0990d4ff8b67b8753dc5

Download Submit
memory/1948-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1948-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1948-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1948-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/1948-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1948-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/3032-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3032-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3032-20-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/3032-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3032-24-0x00000000032D0000-0x00000000034FA000-memory.dmp

Filesize
2.2MB

Download
memory/3032-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download