ed91f3aa899310245bcf209fb1b40f2746ed8de81ffbe6525f56dea49a7add95

Analysis

max time kernel
118s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c3d5621e7ae4fef5085666798ec05a8.exe
Size

2.7MB
MD5

7c3d5621e7ae4fef5085666798ec05a8
SHA1

80472781e6f9ea8a6e0b3cf3709b41943a311bba
SHA256

ed91f3aa899310245bcf209fb1b40f2746ed8de81ffbe6525f56dea49a7add95
SHA512

b09430ed14c382a9e96691a23647be75e4fc3a81764788ea17afffed0b5fa0ec52bc3007a3d8ee740c635941afabe8cde0752114cd524e2f3c7d47f6f6c15423
SSDEEP

49152:Ar2x16QA6wDxLDCvnoCIlRUrR92v5ZLxV/hw6HcC1PLbVaA2DprR9j:AmzSLDCPo6HQrLVw6XTbVafJHj

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2292	7c3d5621e7ae4fef5085666798ec05a8.exe

Executes dropped EXE 1 IoCs

pid	Process
2292	7c3d5621e7ae4fef5085666798ec05a8.exe

Loads dropped DLL 1 IoCs

pid	Process
2900	7c3d5621e7ae4fef5085666798ec05a8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2900-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012243-10.dat	upx
behavioral1/files/0x000a000000012243-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2900	7c3d5621e7ae4fef5085666798ec05a8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2900	7c3d5621e7ae4fef5085666798ec05a8.exe
2292	7c3d5621e7ae4fef5085666798ec05a8.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2292	2900	7c3d5621e7ae4fef5085666798ec05a8.exe	28
PID 2900 wrote to memory of 2292	2900	7c3d5621e7ae4fef5085666798ec05a8.exe	28
PID 2900 wrote to memory of 2292	2900	7c3d5621e7ae4fef5085666798ec05a8.exe	28
PID 2900 wrote to memory of 2292	2900	7c3d5621e7ae4fef5085666798ec05a8.exe	28

C:\Users\Admin\AppData\Local\Temp\7c3d5621e7ae4fef5085666798ec05a8.exe
"C:\Users\Admin\AppData\Local\Temp\7c3d5621e7ae4fef5085666798ec05a8.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Users\Admin\AppData\Local\Temp\7c3d5621e7ae4fef5085666798ec05a8.exe
  C:\Users\Admin\AppData\Local\Temp\7c3d5621e7ae4fef5085666798ec05a8.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7c3d5621e7ae4fef5085666798ec05a8.exe

Filesize
1.5MB

MD5
3493ba2e41c31e72a0591cd119b17ce0

SHA1
f6bd6691b85c3cbe1c419046594908c01f8e246a

SHA256
f0993e9e926afd44143457d5c277ccd41d26eb3002259eae76dba33bf700e245

SHA512
113803a7aa890f9095b965ec7bfd7d4df4a8974f23d60e5f11ce69d328c2f8daf9f847893d0f7089f75664122b7cf70df6a2070ba6328640244bd7bdb50f4ed9

Download Submit
\Users\Admin\AppData\Local\Temp\7c3d5621e7ae4fef5085666798ec05a8.exe

Filesize
896KB

MD5
b6bd572be0f0ab299df8379470dca402

SHA1
fe1d331cf7300b259523531fbbb52696d9cbe36d

SHA256
b0ef514d3bfef47b1a05299e3c55332e7832c93265814dd9fc28ecc0606aed91

SHA512
9b2cb2be49e25520e9a9afa5024617a79d6677d1f88570000457d1493b060e9ea530900276e92bc6f5bab854ae2b4b02ba229410e3e8cbd3b39d96249714e387

Download Submit
memory/2292-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2292-18-0x00000000002B0000-0x00000000003E1000-memory.dmp

Filesize
1.2MB

Download
memory/2292-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2292-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2292-24-0x00000000032B0000-0x00000000034D2000-memory.dmp

Filesize
2.1MB

Download
memory/2292-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2900-0-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2900-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2900-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2900-15-0x0000000003780000-0x0000000003C67000-memory.dmp

Filesize
4.9MB

Download
memory/2900-3-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2900-31-0x0000000003780000-0x0000000003C67000-memory.dmp

Filesize
4.9MB

Download