92e3bd24204058659d59f89bb31d0f6535f5380242d2c70afbb823b6caaa2b9d

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

778e576ebd1ee55eab086aafcbc090ac.exe
Size

2.7MB
MD5

778e576ebd1ee55eab086aafcbc090ac
SHA1

d6c8887367fafd1d4600ab9fe277731011bc34b0
SHA256

92e3bd24204058659d59f89bb31d0f6535f5380242d2c70afbb823b6caaa2b9d
SHA512

f70126d20e30a567db29ac82df8aaf54ec619258bc82d0e2058f29683d06ff473aa87fbd5356318c45c88812026c475155cacd6dde8f8f118c49cbc64a76e39c
SSDEEP

49152:hdhx5UySTTekkXIq+KubWtwhPirMR9veGnc5KM58SWCJQ3U3L74aCGDbedxHM2Rt:hdhXn/+VitwMYHvlM51WEQ3U3X4RGPWD

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1408	778e576ebd1ee55eab086aafcbc090ac.exe

Executes dropped EXE 1 IoCs

pid	Process
1408	778e576ebd1ee55eab086aafcbc090ac.exe

Loads dropped DLL 1 IoCs

pid	Process
1700	778e576ebd1ee55eab086aafcbc090ac.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1700-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000800000001225a-10.dat	upx
behavioral1/files/0x000800000001225a-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1700	778e576ebd1ee55eab086aafcbc090ac.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1700	778e576ebd1ee55eab086aafcbc090ac.exe
1408	778e576ebd1ee55eab086aafcbc090ac.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1408	1700	778e576ebd1ee55eab086aafcbc090ac.exe	28
PID 1700 wrote to memory of 1408	1700	778e576ebd1ee55eab086aafcbc090ac.exe	28
PID 1700 wrote to memory of 1408	1700	778e576ebd1ee55eab086aafcbc090ac.exe	28
PID 1700 wrote to memory of 1408	1700	778e576ebd1ee55eab086aafcbc090ac.exe	28

C:\Users\Admin\AppData\Local\Temp\778e576ebd1ee55eab086aafcbc090ac.exe
"C:\Users\Admin\AppData\Local\Temp\778e576ebd1ee55eab086aafcbc090ac.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Users\Admin\AppData\Local\Temp\778e576ebd1ee55eab086aafcbc090ac.exe
  C:\Users\Admin\AppData\Local\Temp\778e576ebd1ee55eab086aafcbc090ac.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\778e576ebd1ee55eab086aafcbc090ac.exe

Filesize
450KB

MD5
955aebce1111c10b49727ddd11ea172e

SHA1
9f329ba7fd734e46b3b1f3abec025146fe922a60

SHA256
a74b06ef1a2a1fb150287b9d6a4d63e641f0aabec5cdbeab37fe9595555111e4

SHA512
b3059a63061d472c88b44d8feee516909b823eb3f0c67e53bb01c624d4438a76242a484c5ba4be276c6552e407c01b0e60d973c24f5810d1f7b1d6f63a540744

Download Submit
\Users\Admin\AppData\Local\Temp\778e576ebd1ee55eab086aafcbc090ac.exe

Filesize
640KB

MD5
99bdc2878e397f7422ec23f06b6ae30a

SHA1
fda0acae01998d26a85bd0d82bdfcd250c9c30ab

SHA256
055b5763a1e6d3dce87eff482e715222b7be8fde119d3c8a014dd79d7c31d192

SHA512
6cbc1a751f2924afbf18432730225d5f99bfde884365837afa6e3a505673c4e211afc4b7217220fbc8bf930964d24456d01d12174558fe8770caca8948fc85af

Download Submit
memory/1408-18-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1408-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1408-20-0x00000000002B0000-0x00000000003E1000-memory.dmp

Filesize
1.2MB

Download
memory/1408-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1408-24-0x0000000003440000-0x0000000003662000-memory.dmp

Filesize
2.1MB

Download
memory/1408-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1700-2-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/1700-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1700-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1700-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1700-15-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download
memory/1700-31-0x0000000003760000-0x0000000003C47000-memory.dmp

Filesize
4.9MB

Download