0d0cbe7d1a29d5a3e2897e2988c2834f32dc92fd5565d4f694c3d31a48c6da2e

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27-01-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a78f5d9d6b120146b6dd9d542a4f26d.exe
Size

1.5MB
MD5

7a78f5d9d6b120146b6dd9d542a4f26d
SHA1

fef83865398c63c755fbbc2ff4e9b39b2861e696
SHA256

0d0cbe7d1a29d5a3e2897e2988c2834f32dc92fd5565d4f694c3d31a48c6da2e
SHA512

9b630400c4d2a81ad94d46478105511aaa4026ece73c453932925f1fb6dd13010defd9b75ad3b8116d2d5185535d643d1af0cbcffb173a8ce2ef69747ee90a88
SSDEEP

24576:wjo4uvgEvngmJzlsr4R64flxs7UKbJ3Dn8ftKdGlqhGb3IwAKh+W:wqv9ls0Rbf0NpgUngb3IwAKk

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1796	7a78f5d9d6b120146b6dd9d542a4f26d.exe

Executes dropped EXE 1 IoCs

pid	Process
1796	7a78f5d9d6b120146b6dd9d542a4f26d.exe

Loads dropped DLL 1 IoCs

pid	Process
2064	7a78f5d9d6b120146b6dd9d542a4f26d.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000c00000001225c-12.dat	upx
behavioral1/files/0x000c00000001225c-13.dat	upx
behavioral1/files/0x000c00000001225c-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2064	7a78f5d9d6b120146b6dd9d542a4f26d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2064	7a78f5d9d6b120146b6dd9d542a4f26d.exe
1796	7a78f5d9d6b120146b6dd9d542a4f26d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 1796	2064	7a78f5d9d6b120146b6dd9d542a4f26d.exe	28
PID 2064 wrote to memory of 1796	2064	7a78f5d9d6b120146b6dd9d542a4f26d.exe	28
PID 2064 wrote to memory of 1796	2064	7a78f5d9d6b120146b6dd9d542a4f26d.exe	28
PID 2064 wrote to memory of 1796	2064	7a78f5d9d6b120146b6dd9d542a4f26d.exe	28

C:\Users\Admin\AppData\Local\Temp\7a78f5d9d6b120146b6dd9d542a4f26d.exe
"C:\Users\Admin\AppData\Local\Temp\7a78f5d9d6b120146b6dd9d542a4f26d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Users\Admin\AppData\Local\Temp\7a78f5d9d6b120146b6dd9d542a4f26d.exe
  C:\Users\Admin\AppData\Local\Temp\7a78f5d9d6b120146b6dd9d542a4f26d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7a78f5d9d6b120146b6dd9d542a4f26d.exe

Filesize
307KB

MD5
4330bead1a74930efe48fdd1df13fda4

SHA1
e0a0cbd62965e7b86deb9224c6d6be223b764804

SHA256
e612adc98958f163e928a1f4bde32c4365abcbeb7105edf814567d15d1663e8f

SHA512
2a9b982112e2bee6cf734ea43ee440b48f6cb40ad66e688280630b2d4e0cbb76730cfb03936f17be2c9e1518e10b53d317c37d6d479b4d688c777d74c93f3537

Download Submit
C:\Users\Admin\AppData\Local\Temp\7a78f5d9d6b120146b6dd9d542a4f26d.exe

Filesize
299KB

MD5
aed6a7df3f5e83dd3efb5ac266d1aade

SHA1
83fa05e4f1b51fc37d74909524c06dd802a22cc2

SHA256
b7e3838a12af656ad9264f452c092f5d6b2039f54f1e07f9a214dfee16330a01

SHA512
e2ffaa13c95f10ce51145a871e89a1d86ebda3a75f17db989450c45ecb449d2315e7b8b2d5e6c2dd2c9f5685dd569829ab1034290989ad93a9ea8e63ab28c599

Download Submit
\Users\Admin\AppData\Local\Temp\7a78f5d9d6b120146b6dd9d542a4f26d.exe

Filesize
410KB

MD5
5c64fa5cf7fe830a6dbd6fc199344111

SHA1
97eea0554122981476edbb2e738a0d497d3167dc

SHA256
12101a3f013b8b566697705af0f38a87247c0b9e7ef3014290121e46158e6090

SHA512
a565c05eba37ac13cc2503d7a4904633fd60e04cb12f05efdfb476704a98d98778638071fffa4010bec75b784073ffcaceaa10422bd9b78d7d3cb916d212fa27

Download Submit
memory/1796-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1796-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1796-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1796-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1796-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1796-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2064-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2064-15-0x0000000003670000-0x0000000003B5F000-memory.dmp

Filesize
4.9MB

Download
memory/2064-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2064-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2064-3-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2064-31-0x0000000003670000-0x0000000003B5F000-memory.dmp

Filesize
4.9MB

Download