8afed99cc5d88ec76db6a9b5d84e1c3491a9154bea07034dd58a05dde0c58ac2

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-01-2024 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7654c909bcf32676e7c8dbb88dd0082b.exe
Size

1.3MB
MD5

7654c909bcf32676e7c8dbb88dd0082b
SHA1

e8b4cbb7c6e34209431064b0a2013e0e4249eeb1
SHA256

8afed99cc5d88ec76db6a9b5d84e1c3491a9154bea07034dd58a05dde0c58ac2
SHA512

20256b9bee2abdf4f5c3c7d57f2ed798a804ed347c6b5b72ea18a2d5dbcb46354e919aeca8ab871c548fa15e70bf2c073ea30986f0ddf0ec240db3b25e6f82f2
SSDEEP

24576:XpB/YfZ1szVK+jJl1aOhSFAZgq6ngisbrPseTD+6HHqTD1SyECq4TdHZWKJXJ2UD:5BYZ1szZrhwA2q6gisPB7uD1nLZWKJnD

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2180	7654c909bcf32676e7c8dbb88dd0082b.exe

Executes dropped EXE 1 IoCs

pid	Process
2180	7654c909bcf32676e7c8dbb88dd0082b.exe

Loads dropped DLL 1 IoCs

pid	Process
2548	7654c909bcf32676e7c8dbb88dd0082b.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2548-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000b000000012262-10.dat	upx
behavioral1/memory/2548-14-0x00000000034E0000-0x00000000039C7000-memory.dmp	upx
behavioral1/files/0x000b000000012262-15.dat	upx
behavioral1/memory/2180-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2548	7654c909bcf32676e7c8dbb88dd0082b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2548	7654c909bcf32676e7c8dbb88dd0082b.exe
2180	7654c909bcf32676e7c8dbb88dd0082b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2180	2548	7654c909bcf32676e7c8dbb88dd0082b.exe	28
PID 2548 wrote to memory of 2180	2548	7654c909bcf32676e7c8dbb88dd0082b.exe	28
PID 2548 wrote to memory of 2180	2548	7654c909bcf32676e7c8dbb88dd0082b.exe	28
PID 2548 wrote to memory of 2180	2548	7654c909bcf32676e7c8dbb88dd0082b.exe	28

C:\Users\Admin\AppData\Local\Temp\7654c909bcf32676e7c8dbb88dd0082b.exe
"C:\Users\Admin\AppData\Local\Temp\7654c909bcf32676e7c8dbb88dd0082b.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\7654c909bcf32676e7c8dbb88dd0082b.exe
  C:\Users\Admin\AppData\Local\Temp\7654c909bcf32676e7c8dbb88dd0082b.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7654c909bcf32676e7c8dbb88dd0082b.exe

Filesize
733KB

MD5
8c891fdf9d9ac48f9efe7caabd5027ae

SHA1
a79413e9629be23d9347673d0e477dabd80060d8

SHA256
2c668fe85c1373d08d9ba052fd5370258f9156ec6a9c9198edde23a24c0c34e2

SHA512
edc7d002a8c06afd304aa9cfb2a1cb21865a981ab18bd97e219606bc08827e83b1197aadd03ff3f307ef35e8a5384bcc2d88f22466b47a9bf054a60150b3306f

Download Submit
\Users\Admin\AppData\Local\Temp\7654c909bcf32676e7c8dbb88dd0082b.exe

Filesize
470KB

MD5
792e2ef62900db758e35e2ab63db6f21

SHA1
8a1dc3e68b4b92d77d9a3de849b59c15ed995e81

SHA256
d400cd8137fff6a1dd6702fb5e66f7687c3d2752d6e945cbae5a7f28cf456aae

SHA512
36ba5aa9f21dbfd5aab85da820cbcc8a723e56438e4388317a08756419caac99f478048bfd0e00528ef20561afed2ee0e5cdcf9ef64e09aeac8740d06e1bf0d6

Download Submit
memory/2180-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2180-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2180-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2180-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2180-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2180-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2548-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2548-14-0x00000000034E0000-0x00000000039C7000-memory.dmp

Filesize
4.9MB

Download
memory/2548-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2548-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2548-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2548-31-0x00000000034E0000-0x00000000039C7000-memory.dmp

Filesize
4.9MB

Download