8001601351d5533bd0026c132c26faa92f68fd65a9b7964a923b13a9de9d7a40

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c9e34e3197b734242ccc34882e55e6e.exe
Size

11.7MB
MD5

7c9e34e3197b734242ccc34882e55e6e
SHA1

dc4e6398f00006c2b7fda94d1d6f3ddb3640d381
SHA256

8001601351d5533bd0026c132c26faa92f68fd65a9b7964a923b13a9de9d7a40
SHA512

ee29aada892b9a44656fbc6a0472be974147a56b5b6a1e638b4fc2c139e5ba1c835540f27d505a9a03aed5990e12cc2d66e59d59b02aa265764565698e64f4ec
SSDEEP

196608:828T3grc5E3grc5JQl0HIpP3grc5E3grc5:8xgY58gY5Ja0HIpfgY58gY5

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2924	7c9e34e3197b734242ccc34882e55e6e.exe

Executes dropped EXE 1 IoCs

pid	Process
2924	7c9e34e3197b734242ccc34882e55e6e.exe

Loads dropped DLL 1 IoCs

pid	Process
2976	7c9e34e3197b734242ccc34882e55e6e.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2976-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2924-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000d00000001232b-13.dat	upx
behavioral1/files/0x000d00000001232b-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2976	7c9e34e3197b734242ccc34882e55e6e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2976	7c9e34e3197b734242ccc34882e55e6e.exe
2924	7c9e34e3197b734242ccc34882e55e6e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2924	2976	7c9e34e3197b734242ccc34882e55e6e.exe	28
PID 2976 wrote to memory of 2924	2976	7c9e34e3197b734242ccc34882e55e6e.exe	28
PID 2976 wrote to memory of 2924	2976	7c9e34e3197b734242ccc34882e55e6e.exe	28
PID 2976 wrote to memory of 2924	2976	7c9e34e3197b734242ccc34882e55e6e.exe	28

C:\Users\Admin\AppData\Local\Temp\7c9e34e3197b734242ccc34882e55e6e.exe
"C:\Users\Admin\AppData\Local\Temp\7c9e34e3197b734242ccc34882e55e6e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Users\Admin\AppData\Local\Temp\7c9e34e3197b734242ccc34882e55e6e.exe
  C:\Users\Admin\AppData\Local\Temp\7c9e34e3197b734242ccc34882e55e6e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7c9e34e3197b734242ccc34882e55e6e.exe

Filesize
708KB

MD5
f6c28caa377c1793964c30d02e1ab743

SHA1
b5e77ae3fcce29fc7f29a682d59bc79f2a4d6e3d

SHA256
a396d2bbe88e73360db7a44d783bd01fe5ff6e7d92e42c906b56038e3e7e9bcf

SHA512
5097e09493933d64dd51baa3e1a59a29e72c3aced83959e7926f36d3c9b5edfe15c53ff403068801c4ce1e8206ba04c1daac569a9642f7ab2d246f013d3a5cd2

Download Submit
\Users\Admin\AppData\Local\Temp\7c9e34e3197b734242ccc34882e55e6e.exe

Filesize
891KB

MD5
7005bc7db291ca1c2aacf2f74be3a948

SHA1
7ae056cfeef2f43cd21be45df0f08a92e53a6abf

SHA256
bdc2831693069492caf3c2111546545eb309fedbb6863381571240781943dac9

SHA512
bb091e9261d19f6b140cda1e78fee7a7a4aa584c0094ec6fcd0956644635ef2e3b54ae747226e0d5af7a3a84f3cadb786b41e43483a2a0b9800f118b8c5c7902

Download Submit
memory/2924-19-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2924-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2924-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2924-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2924-27-0x00000000033F0000-0x000000000361A000-memory.dmp

Filesize
2.2MB

Download
memory/2924-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2976-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2976-15-0x0000000004B40000-0x000000000502F000-memory.dmp

Filesize
4.9MB

Download
memory/2976-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2976-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2976-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2976-31-0x0000000004B40000-0x000000000502F000-memory.dmp

Filesize
4.9MB

Download