5c7a46fa8aa7665c4e01cfee9e6aa7e7ce568c44b1d6d951eafe8fa68bc44f1b

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 13:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7d3eeee6bbb75181117f5540259733a7.exe
Size

5.8MB
MD5

7d3eeee6bbb75181117f5540259733a7
SHA1

9639e7e2984094cb831de2bda5504dc616c7bb6e
SHA256

5c7a46fa8aa7665c4e01cfee9e6aa7e7ce568c44b1d6d951eafe8fa68bc44f1b
SHA512

86649db6c9e79630e02d2c2a369a93667dd91688f911dfa79b8e93f50921a91a392731278e5c3af531d3ec347ae0c70e984a7367a02de8e07bd843a08bde9292
SSDEEP

98304:Quh7KXvnkceNRC1st2C4HBUCczzM3S2NKVS5aXLjAjiKqr4HBUCczzM3:Q8WkceL9wWCu2NKV2LWK3WC

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1196	7d3eeee6bbb75181117f5540259733a7.exe

Executes dropped EXE 1 IoCs

pid	Process
1196	7d3eeee6bbb75181117f5540259733a7.exe

Loads dropped DLL 1 IoCs

pid	Process
2380	7d3eeee6bbb75181117f5540259733a7.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2380-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000015626-10.dat	upx
behavioral1/files/0x000a000000015626-15.dat	upx
behavioral1/memory/1196-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2380-13-0x0000000003DD0000-0x00000000042BF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2380	7d3eeee6bbb75181117f5540259733a7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2380	7d3eeee6bbb75181117f5540259733a7.exe
1196	7d3eeee6bbb75181117f5540259733a7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1196	2380	7d3eeee6bbb75181117f5540259733a7.exe	28
PID 2380 wrote to memory of 1196	2380	7d3eeee6bbb75181117f5540259733a7.exe	28
PID 2380 wrote to memory of 1196	2380	7d3eeee6bbb75181117f5540259733a7.exe	28
PID 2380 wrote to memory of 1196	2380	7d3eeee6bbb75181117f5540259733a7.exe	28

C:\Users\Admin\AppData\Local\Temp\7d3eeee6bbb75181117f5540259733a7.exe
"C:\Users\Admin\AppData\Local\Temp\7d3eeee6bbb75181117f5540259733a7.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\7d3eeee6bbb75181117f5540259733a7.exe
  C:\Users\Admin\AppData\Local\Temp\7d3eeee6bbb75181117f5540259733a7.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7d3eeee6bbb75181117f5540259733a7.exe

Filesize
568KB

MD5
8f8b6ff5a2eb2ee412235d957c8de0bd

SHA1
24eb1e88ca601125521a19b54a0457606ae30ae4

SHA256
5e08c9a5a6e45d1e8c56e0b242b240cdd5bf106a5dfe4f9d4b0e9d970903457f

SHA512
b768b4dc3e6aed6899b4702386c33522be7a92022f0f6e097e9abfebfa2c7752eed202ec24f873019fe8bc2f59ccd812baa9a2aeeba2b24835977ea26971798e

Download Submit
\Users\Admin\AppData\Local\Temp\7d3eeee6bbb75181117f5540259733a7.exe

Filesize
69KB

MD5
7b396b9a41043da682c82a294789a1ab

SHA1
644d9a98df4e53d1ba9bfd77c797605c0c4be3c5

SHA256
a52383685d38a399d812d7fb2c191f2ea5ef81b9fb4e83eeef031c19c8d9473b

SHA512
4e31895088344f54355ef17d174042b83320fb12df19b19a9aeaef5ce77ac8e7381cf52368ebd8c18e837f7bb6cb48dc5ab8f0109e97971b580d3d90b3a2d55e

Download Submit
memory/1196-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1196-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1196-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1196-24-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/1196-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1196-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2380-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2380-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2380-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2380-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2380-13-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download
memory/2380-31-0x0000000003DD0000-0x00000000042BF000-memory.dmp

Filesize
4.9MB

Download