c1a19c3e018c7bad61e5c2aca911775823a7dbd3fd6eb57aec5b0cdf9bc3ec62

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a59debdabf88d67201909a748524e0c.exe
Size

2.7MB
MD5

7a59debdabf88d67201909a748524e0c
SHA1

a3f67f0c9e62c86e3f91b5bba9c2078262e1696b
SHA256

c1a19c3e018c7bad61e5c2aca911775823a7dbd3fd6eb57aec5b0cdf9bc3ec62
SHA512

fc10331ae6c06de0662e929bd7648245b4c6b7c03b54f601deabae514f47f3344ea598446ebb0f7a5fae809937ea63312a8e2390539ed3b3b76accfeb996b046
SSDEEP

49152:oCgFz0lip5GRSglBLycTVmeR94T7DkKUx6/KkbNgBVOuSSkFXc+LVpfR9j:oCWxp0RSglBWfeHs7zU8ykbNkYuVkZLL

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2168	7a59debdabf88d67201909a748524e0c.exe

Executes dropped EXE 1 IoCs

pid	Process
2168	7a59debdabf88d67201909a748524e0c.exe

Loads dropped DLL 1 IoCs

pid	Process
1920	7a59debdabf88d67201909a748524e0c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1920-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a0000000139b6-12.dat	upx
behavioral1/files/0x000a0000000139b6-15.dat	upx
behavioral1/files/0x000a0000000139b6-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1920	7a59debdabf88d67201909a748524e0c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1920	7a59debdabf88d67201909a748524e0c.exe
2168	7a59debdabf88d67201909a748524e0c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 2168	1920	7a59debdabf88d67201909a748524e0c.exe	28
PID 1920 wrote to memory of 2168	1920	7a59debdabf88d67201909a748524e0c.exe	28
PID 1920 wrote to memory of 2168	1920	7a59debdabf88d67201909a748524e0c.exe	28
PID 1920 wrote to memory of 2168	1920	7a59debdabf88d67201909a748524e0c.exe	28

C:\Users\Admin\AppData\Local\Temp\7a59debdabf88d67201909a748524e0c.exe
"C:\Users\Admin\AppData\Local\Temp\7a59debdabf88d67201909a748524e0c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Users\Admin\AppData\Local\Temp\7a59debdabf88d67201909a748524e0c.exe
  C:\Users\Admin\AppData\Local\Temp\7a59debdabf88d67201909a748524e0c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7a59debdabf88d67201909a748524e0c.exe

Filesize
409KB

MD5
1bc946b5044fd054d2ff8dc9f72527bd

SHA1
89ec1c5e6d57cabe0a3ae2d4dd164c4a121e5b0e

SHA256
456fb82f80aec6e651db01977d657b27540407f9eab08a83c0e98d6892c603ad

SHA512
48d7ce04927a06a2694ca6bcfd79009adc73869a41c47dd52c61e8cb6baa5047a068ceb140e34b2075dceec3498bd8e13933192570525a54bb346c6d031f96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7a59debdabf88d67201909a748524e0c.exe

Filesize
326KB

MD5
e496c07d81fe0eb89ca5004c1cb60747

SHA1
e652498c2b6f6deacc52b8611f31f03ce02d8987

SHA256
1ee44017c50f40a2e4f94d0b81f74d06727ac2bc630608368680317c29f244a4

SHA512
286c7d69c0a51ad6e5d00f5d385d8de4df3235c3314bff7caf3ce47d5075dcdd2f2546a08ba06ff3b1225c3755f10a2e647ea5f73a06057c73fa705d3581e646

Download Submit
\Users\Admin\AppData\Local\Temp\7a59debdabf88d67201909a748524e0c.exe

Filesize
444KB

MD5
95f5e06b921aa3b5fa19d212eb81c829

SHA1
f7dde813ef096e568cb12b71d9f699bea5eb1442

SHA256
c8c5bdcf60cdc6c3461e68fdad649eb99b64f2e9b88c01481d2bcfe1db42ddf2

SHA512
2a6d173444be3e69592bf3e552824625948972d52bd4876222b51209ee3449559d7288bee6893903eb7c3b4202f521e425cc087772d0464c00ff94f3990f41a3

Download Submit
memory/1920-14-0x0000000003770000-0x0000000003C57000-memory.dmp

Filesize
4.9MB

Download
memory/1920-2-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/1920-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1920-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1920-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1920-31-0x0000000003770000-0x0000000003C57000-memory.dmp

Filesize
4.9MB

Download
memory/2168-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2168-20-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2168-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2168-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2168-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2168-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download