c5974bb4171c5e40f2f28486ca06df13bf0339af72d974dce8a9c07e128bef1b

Analysis

max time kernel
118s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

770854c8a5a634dee44c790a12799c29.exe
Size

5.3MB
MD5

770854c8a5a634dee44c790a12799c29
SHA1

ae317cf335582bf188704031001d39478ed8a266
SHA256

c5974bb4171c5e40f2f28486ca06df13bf0339af72d974dce8a9c07e128bef1b
SHA512

0dcc6f0936581f78b4a1bf150355ad24a55607cad6c0852987b1aef4d8509619a607ece8821285809bd1a788f0477bdbb46fdfa807ce21e6fa74e635c42b6717
SSDEEP

98304:S/2jEnlPtmim+y+5L5NTCHSEAKe7z/9EAGF3kL3575HyV4JdsYnKN7QhHSEAKe7P:S2jotPmF+9X2ne7z19GF25w47LKNMhnE

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2324	770854c8a5a634dee44c790a12799c29.exe

Executes dropped EXE 1 IoCs

pid	Process
2324	770854c8a5a634dee44c790a12799c29.exe

Loads dropped DLL 1 IoCs

pid	Process
2428	770854c8a5a634dee44c790a12799c29.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2428-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0008000000012256-10.dat	upx
behavioral1/files/0x0008000000012256-12.dat	upx
behavioral1/memory/2324-14-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0008000000012256-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2428	770854c8a5a634dee44c790a12799c29.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2428	770854c8a5a634dee44c790a12799c29.exe
2324	770854c8a5a634dee44c790a12799c29.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2324	2428	770854c8a5a634dee44c790a12799c29.exe	28
PID 2428 wrote to memory of 2324	2428	770854c8a5a634dee44c790a12799c29.exe	28
PID 2428 wrote to memory of 2324	2428	770854c8a5a634dee44c790a12799c29.exe	28
PID 2428 wrote to memory of 2324	2428	770854c8a5a634dee44c790a12799c29.exe	28

C:\Users\Admin\AppData\Local\Temp\770854c8a5a634dee44c790a12799c29.exe
"C:\Users\Admin\AppData\Local\Temp\770854c8a5a634dee44c790a12799c29.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Users\Admin\AppData\Local\Temp\770854c8a5a634dee44c790a12799c29.exe
  C:\Users\Admin\AppData\Local\Temp\770854c8a5a634dee44c790a12799c29.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\770854c8a5a634dee44c790a12799c29.exe

Filesize
3.0MB

MD5
e95a23ef805c9f7d4d0f5186ba9a6668

SHA1
ab7eeb518b195b94166b03a794e8de1670227127

SHA256
1781b15d732b64753c322b4ca444b7547fca1cf2550c99b855a30de58fae95c9

SHA512
d211de354298ae17e06045f2a681a36a2c09c61f3bdc54e701c94b702a07c54ca26a73c5535f8a7accfcb548dcb8af90db9bf8260107b101e8daf8c8ed49f3f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\770854c8a5a634dee44c790a12799c29.exe

Filesize
4.6MB

MD5
3d1159c593789fa70915de76548bf38a

SHA1
af49222fe81bd2fda09ad58c34ac49647bdd7ef0

SHA256
f640d09d8471a37c81585737792c274ee2a301ab1c1098ca041e6f2af3c7e253

SHA512
d2d1339f78b91388809fc6eabee3e6ce199768a599c6b50ea96415138fe71c47f31cc10cd63e5d97a013d62ceca478047c8ea9d771b479a0cf512ad66f93791d

Download Submit
\Users\Admin\AppData\Local\Temp\770854c8a5a634dee44c790a12799c29.exe

Filesize
4.2MB

MD5
69df2d1ae0fcca5b07364f572072a772

SHA1
2fbbff43fd0a687cb3d937dbec3ddce3919eeed1

SHA256
87ac6b55dd55d10f09411045e0323f2e8e83cf1b45064b6ef3acc3eedd6660f0

SHA512
ed0b643fd87a933231d202ae74d20a823f84ada7c3f732f859a5b1fec608aeb53ec146a3d9d6cca0b4413e8d52856de2216aec83931208fbd92b39fdbc4286ce

Download Submit
memory/2324-14-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2324-16-0x00000000002A0000-0x00000000003D1000-memory.dmp

Filesize
1.2MB

Download
memory/2324-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2324-22-0x00000000036A0000-0x00000000038C2000-memory.dmp

Filesize
2.1MB

Download
memory/2324-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2324-30-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2428-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2428-3-0x0000000000250000-0x0000000000381000-memory.dmp

Filesize
1.2MB

Download
memory/2428-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2428-29-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download