9da8b382fe7e49ead631fa4ac436947b68f4b4d948fd267456e87a62f1fe53aa

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 04:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

794851c931a595c4b038040d100c0627.exe
Size

1.5MB
MD5

794851c931a595c4b038040d100c0627
SHA1

9b41adde021664a8b20968710aea10f4e40eed13
SHA256

9da8b382fe7e49ead631fa4ac436947b68f4b4d948fd267456e87a62f1fe53aa
SHA512

229dcbb0420768a25725bd6e8b30c4c1ff0d27fbbbd230a2310770f309712c43191ec58e594fbfd5f9cf159e58309df01db4bcb6a5eac84b4ce6182b0653f4d8
SSDEEP

24576:3Xa7DtdoAK7hyBLTeuX9/ILsQVlzIt/fDyG/Yv4sIgA4BWxHxF7fW:na3tOz7MBLT0tl0tzxwvVIgkHHf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2224	794851c931a595c4b038040d100c0627.exe

Executes dropped EXE 1 IoCs

pid	Process
2224	794851c931a595c4b038040d100c0627.exe

Loads dropped DLL 1 IoCs

pid	Process
2512	794851c931a595c4b038040d100c0627.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2512-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012254-10.dat	upx
behavioral1/files/0x0008000000012254-12.dat	upx
behavioral1/files/0x0008000000012254-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2512	794851c931a595c4b038040d100c0627.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2512	794851c931a595c4b038040d100c0627.exe
2224	794851c931a595c4b038040d100c0627.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2224	2512	794851c931a595c4b038040d100c0627.exe	28
PID 2512 wrote to memory of 2224	2512	794851c931a595c4b038040d100c0627.exe	28
PID 2512 wrote to memory of 2224	2512	794851c931a595c4b038040d100c0627.exe	28
PID 2512 wrote to memory of 2224	2512	794851c931a595c4b038040d100c0627.exe	28

C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe
"C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe
  C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe

Filesize
1.5MB

MD5
606c2858bd50b2ffc58d65d0054b0eaf

SHA1
5c49edcf1c635ce162f1bc830cfb4f5f7ecd1fad

SHA256
0d2050659e9ee388dbf4ef47f1031811ff2442fdeb726e6e7421a37923a98631

SHA512
9d52bb5b595e877fe9a2e813ab4fd72e34d62b73ec78469df729bb31bf6cb379524dd3f556215030fad3cda7c87ced63c9f1c824878a6c8c917ccc5a09f7da7f

Download Submit
\Users\Admin\AppData\Local\Temp\794851c931a595c4b038040d100c0627.exe

Filesize
192KB

MD5
1aece79e55369dbfefd6a0f092f0ec56

SHA1
a7addc4f185a66d2a0bc7461cf975ac0a29c0419

SHA256
30479011ec0c93d9352b7ec84ded3c4c8348e426b173aa8a79804790b6b64a0b

SHA512
f39822150b9908bfa456ec1af045d3c16d1ea3d02e44a930d983c85dd00c54e945fa66057bac31f78f88a619422ce848716074db1db24372798e760a2b55d38d

Download Submit
memory/2224-21-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2224-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-17-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2224-25-0x0000000003500000-0x000000000372A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2224-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2512-2-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/2512-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2512-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2512-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2512-15-0x00000000035F0000-0x0000000003ADF000-memory.dmp

Filesize
4.9MB

Download