8963de5312827701131411828c83c699594b54008354135ae018e518f2de1f9c

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 09:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7cb601b818133ca5fef1bf7c947877b2.exe
Size

2.9MB
MD5

7cb601b818133ca5fef1bf7c947877b2
SHA1

bfef46ce1e26d9332638de2106019c35b3b067b7
SHA256

8963de5312827701131411828c83c699594b54008354135ae018e518f2de1f9c
SHA512

8bb914e7fee872394c106f3661ba90e940784fbc34c61a87c5b8e229ddc74737733a5307d685862a47498b61223d62577ea0700c7641107f567bcc24be047f56
SSDEEP

49152:vwD2YaRVCdtfIQg4Oe7MBvgpgeoP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:vwD2v87gQ/OeIBvheogg3gnl/IVUs1jl

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2328	7cb601b818133ca5fef1bf7c947877b2.exe

Executes dropped EXE 1 IoCs

pid	Process
2328	7cb601b818133ca5fef1bf7c947877b2.exe

Loads dropped DLL 1 IoCs

pid	Process
3068	7cb601b818133ca5fef1bf7c947877b2.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3068-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0008000000012270-10.dat	upx
behavioral1/files/0x0008000000012270-13.dat	upx
behavioral1/memory/3068-15-0x0000000003930000-0x0000000003E1F000-memory.dmp	upx
behavioral1/memory/2328-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3068	7cb601b818133ca5fef1bf7c947877b2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3068	7cb601b818133ca5fef1bf7c947877b2.exe
2328	7cb601b818133ca5fef1bf7c947877b2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2328	3068	7cb601b818133ca5fef1bf7c947877b2.exe	28
PID 3068 wrote to memory of 2328	3068	7cb601b818133ca5fef1bf7c947877b2.exe	28
PID 3068 wrote to memory of 2328	3068	7cb601b818133ca5fef1bf7c947877b2.exe	28
PID 3068 wrote to memory of 2328	3068	7cb601b818133ca5fef1bf7c947877b2.exe	28

C:\Users\Admin\AppData\Local\Temp\7cb601b818133ca5fef1bf7c947877b2.exe
"C:\Users\Admin\AppData\Local\Temp\7cb601b818133ca5fef1bf7c947877b2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Users\Admin\AppData\Local\Temp\7cb601b818133ca5fef1bf7c947877b2.exe
  C:\Users\Admin\AppData\Local\Temp\7cb601b818133ca5fef1bf7c947877b2.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7cb601b818133ca5fef1bf7c947877b2.exe

Filesize
468KB

MD5
664705991b3b631714796192dbb0e7d8

SHA1
010d9030fc88e88ed4810e1157abb69dbec703f3

SHA256
9dc3beb90e0a2bcde0dddbc3d49033224a88a58796ed399d4f40d8c59e1a690a

SHA512
916e21498426018b239063205f576cb3d4bc6bf0b3294ade3b4946efe56f61c74ec24fc523efcf9054b16446bb56d68413be900f0fa46fc2d258ee387ebf1125

Download Submit
\Users\Admin\AppData\Local\Temp\7cb601b818133ca5fef1bf7c947877b2.exe

Filesize
384KB

MD5
ba5f2a5c757917a786dc404ff5716d4c

SHA1
97e971a57fd25d2f816d9ba71d0653749e5c6950

SHA256
5a75cf4fdfba58185422743b20b0778f23d50b3e3a807e8321beb5887cdfed65

SHA512
34d5fdc36e238bda66c7a4f27a836bb5dbd970ccf1b08b26dca5420229d703c349081d4a243a03c93cea06f156d0339adbc2a07c96010e4560dde853696fdd61

Download Submit
memory/2328-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2328-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2328-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2328-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2328-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2328-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3068-2-0x00000000002C0000-0x00000000003F3000-memory.dmp

Filesize
1.2MB

Download
memory/3068-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3068-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3068-15-0x0000000003930000-0x0000000003E1F000-memory.dmp

Filesize
4.9MB

Download
memory/3068-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3068-31-0x0000000003930000-0x0000000003E1F000-memory.dmp

Filesize
4.9MB

Download