7673dc23941d0b9c8ef4a8c634620b98d4cfceae75a93af17c310bae4f407855

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7847188494e7b747500620a1f65e9743.exe
Size

1.3MB
MD5

7847188494e7b747500620a1f65e9743
SHA1

6265163f510aecd2595ab1816ad8c78a8b18d0b4
SHA256

7673dc23941d0b9c8ef4a8c634620b98d4cfceae75a93af17c310bae4f407855
SHA512

f868738f0971b382cb8b69a17788aade92d7d35ec9ee306d3f41c1e3737e052ae9ab487499b79eabc397046bf3f3aafdc7feabbba9d390128ea33b0a0a27b3d4
SSDEEP

24576:inhP+vMRuU30+TNaM5golG/jYwndkxPdFiud9DsHvG:intcMRt0+5DedkxPdJdVs

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2704	7847188494e7b747500620a1f65e9743.exe

Executes dropped EXE 1 IoCs

pid	Process
2704	7847188494e7b747500620a1f65e9743.exe

Loads dropped DLL 1 IoCs

pid	Process
1672	7847188494e7b747500620a1f65e9743.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1672-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a00000001223b-11.dat	upx
behavioral1/files/0x000a00000001223b-15.dat	upx
behavioral1/files/0x000a00000001223b-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1672	7847188494e7b747500620a1f65e9743.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1672	7847188494e7b747500620a1f65e9743.exe
2704	7847188494e7b747500620a1f65e9743.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2704	1672	7847188494e7b747500620a1f65e9743.exe	28
PID 1672 wrote to memory of 2704	1672	7847188494e7b747500620a1f65e9743.exe	28
PID 1672 wrote to memory of 2704	1672	7847188494e7b747500620a1f65e9743.exe	28
PID 1672 wrote to memory of 2704	1672	7847188494e7b747500620a1f65e9743.exe	28

C:\Users\Admin\AppData\Local\Temp\7847188494e7b747500620a1f65e9743.exe
"C:\Users\Admin\AppData\Local\Temp\7847188494e7b747500620a1f65e9743.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Users\Admin\AppData\Local\Temp\7847188494e7b747500620a1f65e9743.exe
  C:\Users\Admin\AppData\Local\Temp\7847188494e7b747500620a1f65e9743.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7847188494e7b747500620a1f65e9743.exe

Filesize
608KB

MD5
95407a66085f67425f03dffd7076a032

SHA1
21de92888ae2c0b50bdec483fd94cfcde0ea5960

SHA256
584d66a456b36985b54345ecb903f990016c1615fb1afd3d91a2f73a2ad393ed

SHA512
7aabdc066b7c5454b63231cc27121041779f9abc93ac6657b4bcef36751aba10807b749abae5697987477f52a39eaa16fae1a85f1b942e8300cad4946c60e954

Download Submit
C:\Users\Admin\AppData\Local\Temp\7847188494e7b747500620a1f65e9743.exe

Filesize
400KB

MD5
49b7864ca914b93a13c7a073ef41ed18

SHA1
d1dfb11898f64f676d931bf14284865dc2806880

SHA256
c0dedc7735be654a2aa97870098233178a1503590613df3785a802f143413e5e

SHA512
01e9ca26b456c9eae8dceb5d5bbacc079e64443001e09e66844b5d002122aa24084fff01c52dcc4c148e1991ec62592fefda859a1ff92f6eb4b70a0fad10ddf1

Download Submit
\Users\Admin\AppData\Local\Temp\7847188494e7b747500620a1f65e9743.exe

Filesize
204KB

MD5
0eb709f686ddeafec9a62e6fd6646fff

SHA1
9338e1c37d3c1e02881b0bad74552e46da492dcb

SHA256
7151afc7e3504b04ee59a79adf91b3f7d3f6ed582bf8fe1b5701f36806185bf7

SHA512
29130471f8c630ad970a425abd1d3c0a6e672aae48f597cd50e1a18205b0e2416dd06a4ff04f357ff1c91d7d90b0c65ee322c973844900106fd5a085066b8f43

Download Submit
memory/1672-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1672-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1672-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1672-16-0x0000000003410000-0x000000000387A000-memory.dmp

Filesize
4.4MB

Download
memory/1672-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2704-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2704-19-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2704-21-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2704-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download