92ee4a3949a2b78273e7f5a22d411e3895975b20f1e482ef409c31444b849df0

Analysis

max time kernel
117s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 14:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77965eb6db12a4a4ff7286556b742fec.exe
Size

5.8MB
MD5

77965eb6db12a4a4ff7286556b742fec
SHA1

8808087cda2daefd4bc45c69a706bb219c1a3458
SHA256

92ee4a3949a2b78273e7f5a22d411e3895975b20f1e482ef409c31444b849df0
SHA512

80bbed5f17e2c41d894d6b2227c1668078800b41a7eea7baf26cc04f22da55417c933e0de94242905b511f12ab3ad17f88c6b58e871bfe7f7bcc977f7d7058e5
SSDEEP

98304:OlF73GX+M3IMOY99OHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwv:eM+AIMOY99Eauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2940	77965eb6db12a4a4ff7286556b742fec.exe

Executes dropped EXE 1 IoCs

pid	Process
2940	77965eb6db12a4a4ff7286556b742fec.exe

Loads dropped DLL 1 IoCs

pid	Process
1340	77965eb6db12a4a4ff7286556b742fec.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1340-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012232-10.dat	upx
behavioral1/files/0x0009000000012232-14.dat	upx
behavioral1/memory/2940-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1340	77965eb6db12a4a4ff7286556b742fec.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1340	77965eb6db12a4a4ff7286556b742fec.exe
2940	77965eb6db12a4a4ff7286556b742fec.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2940	1340	77965eb6db12a4a4ff7286556b742fec.exe	28
PID 1340 wrote to memory of 2940	1340	77965eb6db12a4a4ff7286556b742fec.exe	28
PID 1340 wrote to memory of 2940	1340	77965eb6db12a4a4ff7286556b742fec.exe	28
PID 1340 wrote to memory of 2940	1340	77965eb6db12a4a4ff7286556b742fec.exe	28

C:\Users\Admin\AppData\Local\Temp\77965eb6db12a4a4ff7286556b742fec.exe
"C:\Users\Admin\AppData\Local\Temp\77965eb6db12a4a4ff7286556b742fec.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Users\Admin\AppData\Local\Temp\77965eb6db12a4a4ff7286556b742fec.exe
  C:\Users\Admin\AppData\Local\Temp\77965eb6db12a4a4ff7286556b742fec.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\77965eb6db12a4a4ff7286556b742fec.exe

Filesize
2.4MB

MD5
fac4f3ae4ced216445cf928f73a93945

SHA1
80e15ed95de41d71285a1a5df326988e6ab82a17

SHA256
86a7e5b7e0a1932cae64639ed9297b955315d530e2e3ddd5720e932b90da5e42

SHA512
c08f223c7e218d389f53401b88c6142ee7cd0fee8a00d4658c5139d79c7ace83c0a1486496500212eb57cdc2c2d2abeabc78f5826ea33180bfcd085be5bedd00

Download Submit
\Users\Admin\AppData\Local\Temp\77965eb6db12a4a4ff7286556b742fec.exe

Filesize
1.3MB

MD5
b09acf9695460698a52a5924e7148dc6

SHA1
c4657bbb75868b86f7e17c515baf55d322e9b2fe

SHA256
d461bc7596d52d8bac109384ae23822b900ef1a9428a6b468af1dcc067195206

SHA512
a746bb463c7e07d42604ec52effd24f3e8df954e641b3b2709a1cfa93bfad07c7158837544eb9d5d6d3e05c0dc90cac3482e2515b7d9c7ab8829c18d801f2938

Download Submit
memory/1340-15-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/1340-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1340-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1340-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1340-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1340-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2940-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2940-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2940-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2940-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download