f61fcb770239178f3d5ec731d6ea61e4975fd213ea0a98235b7e1977970c2850

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 23:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7e408356f410195c5b35d3b1e07c5293.exe
Size

1.3MB
MD5

7e408356f410195c5b35d3b1e07c5293
SHA1

65fa20a9581283e943567a67e73d0655f0cb48a2
SHA256

f61fcb770239178f3d5ec731d6ea61e4975fd213ea0a98235b7e1977970c2850
SHA512

e540a52385b7f8245547eec612bbf6cbdde762cec65600e7ea1c96ca5229697ece28a29ba2821bd8e97d22aceeae31481c7116c1ef61562880b0f9e3d36e1b63
SSDEEP

24576:a/bw+1TSXFD7yWFB1/emSQXsXTiAJfFyshSVtevtDgIrDcw/3huB8YS8qmseGWO:aHmD7xeTQXx8hSVtevt4wvkQdp3f

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2724	7e408356f410195c5b35d3b1e07c5293.exe

Executes dropped EXE 1 IoCs

pid	Process
2724	7e408356f410195c5b35d3b1e07c5293.exe

Loads dropped DLL 1 IoCs

pid	Process
2900	7e408356f410195c5b35d3b1e07c5293.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2900-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012252-10.dat	upx
behavioral1/files/0x000b000000012252-14.dat	upx
behavioral1/memory/2724-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2900	7e408356f410195c5b35d3b1e07c5293.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2900	7e408356f410195c5b35d3b1e07c5293.exe
2724	7e408356f410195c5b35d3b1e07c5293.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2724	2900	7e408356f410195c5b35d3b1e07c5293.exe	28
PID 2900 wrote to memory of 2724	2900	7e408356f410195c5b35d3b1e07c5293.exe	28
PID 2900 wrote to memory of 2724	2900	7e408356f410195c5b35d3b1e07c5293.exe	28
PID 2900 wrote to memory of 2724	2900	7e408356f410195c5b35d3b1e07c5293.exe	28

C:\Users\Admin\AppData\Local\Temp\7e408356f410195c5b35d3b1e07c5293.exe
"C:\Users\Admin\AppData\Local\Temp\7e408356f410195c5b35d3b1e07c5293.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Users\Admin\AppData\Local\Temp\7e408356f410195c5b35d3b1e07c5293.exe
  C:\Users\Admin\AppData\Local\Temp\7e408356f410195c5b35d3b1e07c5293.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7e408356f410195c5b35d3b1e07c5293.exe

Filesize
626KB

MD5
e296e53d528cc6de31b13cb7d9291497

SHA1
ba99a1aab8fe7c9f1fc618b5af0fe72e8be75ef3

SHA256
4342c9692a40e9c2c2c6bf80ce79f65d5d4ac5409e8a95c079a0ae98356705a0

SHA512
2f25d7239574365b8acd036d852fbf2901b861b0d03eda1f32c720c960a3519fab1645b69e6e0cbec726e01164a4afd1bd113c0eb5329a73ca36eb7215f50b37

Download Submit
\Users\Admin\AppData\Local\Temp\7e408356f410195c5b35d3b1e07c5293.exe

Filesize
896KB

MD5
fbe5fc9dd0476f60bdfa64570c49accd

SHA1
b34dece47e57b5e29b8e33b413e68f146cae849f

SHA256
2324559d3550d0a39945bcf0fafdd8d72cfa1e28b890314c1efd34fabbbbd949

SHA512
8839f1d3dcffd32bfa97548b53e0169a5711fc1cb6afa167ab68c3149ea39afeaead3bb8b1ae46a9b57fdbf5abf6bd35558edd40e0e53d873d8134a6b5913cde

Download Submit
memory/2724-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2724-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2724-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2724-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2724-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2724-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2900-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2900-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2900-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2900-15-0x0000000003630000-0x0000000003B1F000-memory.dmp

Filesize
4.9MB

Download
memory/2900-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download