672d689dbfa1b4a3ce68444c0bda9ebbd7b4d6289a17887ebc60d8913c1965f6

Analysis

max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e3add20dfc848c75d0255d724f5946c.exe
Size

5.8MB
MD5

7e3add20dfc848c75d0255d724f5946c
SHA1

8f30a964fdd3c7ffe585cc3564ac1e77862daed8
SHA256

672d689dbfa1b4a3ce68444c0bda9ebbd7b4d6289a17887ebc60d8913c1965f6
SHA512

b976015c0d7d10522c9e38e8459f0079749b9d135373b94c56babe70657ede70c165093f348684fb12bd6bafb127c5147334d69f1a739b9b72fcb14738880c57
SSDEEP

98304:rwonZXuHOtruvshvWsHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNQ:04riv2fauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2172	7e3add20dfc848c75d0255d724f5946c.exe

Executes dropped EXE 1 IoCs

pid	Process
2172	7e3add20dfc848c75d0255d724f5946c.exe

Loads dropped DLL 1 IoCs

pid	Process
2052	7e3add20dfc848c75d0255d724f5946c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2052-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012262-10.dat	upx
behavioral1/memory/2172-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012262-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2052	7e3add20dfc848c75d0255d724f5946c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2052	7e3add20dfc848c75d0255d724f5946c.exe
2172	7e3add20dfc848c75d0255d724f5946c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 2172	2052	7e3add20dfc848c75d0255d724f5946c.exe	28
PID 2052 wrote to memory of 2172	2052	7e3add20dfc848c75d0255d724f5946c.exe	28
PID 2052 wrote to memory of 2172	2052	7e3add20dfc848c75d0255d724f5946c.exe	28
PID 2052 wrote to memory of 2172	2052	7e3add20dfc848c75d0255d724f5946c.exe	28

C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe
"C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe
  C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe

Filesize
2.1MB

MD5
ca1354d074f60eac8fbbba704d7033ce

SHA1
fa4fc3d369fc782e5488f23cea7d446bf00f9a02

SHA256
c8b50dcf647e7ef44bab6290d39fd593aca608cfb84dc0d4bafd6845ec2d743c

SHA512
fed876e0c5f09916f8c17fd35148b4206bc453bc515b70c2daf19f72ab6332d7a7b0b7108819b59bd2dff6b5e5efa41a5307e428fa7e85828a13608bb1006939

Download Submit
\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe

Filesize
2.6MB

MD5
cca3b092b9b8df9cc1633e43ca67f5aa

SHA1
bd1e0768bef9e8cafd7d47a5cf571589e5d1035c

SHA256
bc0c7b6f1494df2721e0b546af909b7690ed1adf078551f3ae3014393896c70e

SHA512
ca57462b5554e4511a85833d2dfa0788dc43570f2390dfb7b5c1a21baea40248380c451be252b7969cc8fb89be8462360a3f0b39854ed1148d299b9dfd82961b

Download Submit
memory/2052-31-0x0000000003F60000-0x000000000444F000-memory.dmp

Filesize
4.9MB

Download
memory/2052-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2052-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-14-0x0000000003F60000-0x000000000444F000-memory.dmp

Filesize
4.9MB

Download
memory/2052-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2172-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2172-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2172-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2172-24-0x0000000003510000-0x000000000373A000-memory.dmp

Filesize
2.2MB

Download
memory/2172-18-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/2172-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download