aa09909a69b4b9065868ac0ba4b50243e4744dd64d54f962d65ece915fc83321

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 09:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cca66a9566b36a656de080b769f0499.exe
Size

5.8MB
MD5

7cca66a9566b36a656de080b769f0499
SHA1

28d005956280b7c87ca2d1f3fc7106f84c1b692b
SHA256

aa09909a69b4b9065868ac0ba4b50243e4744dd64d54f962d65ece915fc83321
SHA512

4ee84c0efc33b4571fadd44160faf7ab0aa2ce671244b3aff7dced28062067314faab4d43aa074359700efc5428443cc9621d61fafac9616c8eb5a53fc0c7fdc
SSDEEP

98304:K1t6zJ20fHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:8MIoauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3068	7cca66a9566b36a656de080b769f0499.exe

Executes dropped EXE 1 IoCs

pid	Process
3068	7cca66a9566b36a656de080b769f0499.exe

Loads dropped DLL 1 IoCs

pid	Process
2224	7cca66a9566b36a656de080b769f0499.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2224-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012238-10.dat	upx
behavioral1/files/0x000a000000012238-15.dat	upx
behavioral1/memory/3068-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2224-13-0x0000000003F30000-0x000000000441F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2224	7cca66a9566b36a656de080b769f0499.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2224	7cca66a9566b36a656de080b769f0499.exe
3068	7cca66a9566b36a656de080b769f0499.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 3068	2224	7cca66a9566b36a656de080b769f0499.exe	28
PID 2224 wrote to memory of 3068	2224	7cca66a9566b36a656de080b769f0499.exe	28
PID 2224 wrote to memory of 3068	2224	7cca66a9566b36a656de080b769f0499.exe	28
PID 2224 wrote to memory of 3068	2224	7cca66a9566b36a656de080b769f0499.exe	28

C:\Users\Admin\AppData\Local\Temp\7cca66a9566b36a656de080b769f0499.exe
"C:\Users\Admin\AppData\Local\Temp\7cca66a9566b36a656de080b769f0499.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\7cca66a9566b36a656de080b769f0499.exe
  C:\Users\Admin\AppData\Local\Temp\7cca66a9566b36a656de080b769f0499.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7cca66a9566b36a656de080b769f0499.exe

Filesize
3.0MB

MD5
a5bfebbb09fda80d4d1640e39bcb4888

SHA1
8262dc672663a8d2c1fa1aed9f78a47741e3f7d4

SHA256
f98a0deeb94d68ba68ec52fbc8517d173c281adee28af3a817f29ce1f2ad8fe7

SHA512
cf5cccfddeac26f84da0e5d9aa4ad8c160454bd8d6428e2015d00c6537fa9340a5162ec9da7d5d89e427dc6d9af18ab449cbdf871ec01f82d267b431e5afb334

Download Submit
\Users\Admin\AppData\Local\Temp\7cca66a9566b36a656de080b769f0499.exe

Filesize
2.8MB

MD5
f4ab429d4c656b0c00076aee34fdadd5

SHA1
f8f944ff6e26068f5042afed299c93cf07975b99

SHA256
771555cc430d66eefa6b9a66b6769acfec4553e09400a496c159a596f698f061

SHA512
dc603ae2a736b4e67971ef9060708679096a6b6eb24e74e7809400da28dc989b0fad02433f669a7a374d363460b8e3e327cc8b156f418be4e3e8fd1465e3a295

Download Submit
memory/2224-13-0x0000000003F30000-0x000000000441F000-memory.dmp

Filesize
4.9MB

Download
memory/2224-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2224-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2224-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3068-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3068-18-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/3068-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3068-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3068-24-0x0000000003670000-0x000000000389A000-memory.dmp

Filesize
2.2MB

Download
memory/3068-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download