1f9cdbca381754a0e655c0aa23b7132f98f4aa9caec239beed1b2664487c23bd

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 18:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7daf03acfd8405577ea3654d2863dffc.exe
Size

1.3MB
MD5

7daf03acfd8405577ea3654d2863dffc
SHA1

3356445cfbff9a9b175124a8ccf773b28676fa67
SHA256

1f9cdbca381754a0e655c0aa23b7132f98f4aa9caec239beed1b2664487c23bd
SHA512

b75c82c42ac4c8cb3bb5b570a8b9f0cce67230d1d64e1a72c853f977504c1f42f1d06f57987adeddfbc6483c3474acf349cb74591ccbb8902bed6ef8768e7147
SSDEEP

24576:5HXmsF773lPNBs1vi+pOsHVFNiGRqZOMTefh8ugZsbUHWO:hWYRNBs1KWhkwYT4g+Ef

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2052	7daf03acfd8405577ea3654d2863dffc.exe

Executes dropped EXE 1 IoCs

pid	Process
2052	7daf03acfd8405577ea3654d2863dffc.exe

Loads dropped DLL 1 IoCs

pid	Process
1616	7daf03acfd8405577ea3654d2863dffc.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1616-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00070000000120ff-10.dat	upx
behavioral1/files/0x00070000000120ff-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1616	7daf03acfd8405577ea3654d2863dffc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1616	7daf03acfd8405577ea3654d2863dffc.exe
2052	7daf03acfd8405577ea3654d2863dffc.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 2052	1616	7daf03acfd8405577ea3654d2863dffc.exe	28
PID 1616 wrote to memory of 2052	1616	7daf03acfd8405577ea3654d2863dffc.exe	28
PID 1616 wrote to memory of 2052	1616	7daf03acfd8405577ea3654d2863dffc.exe	28
PID 1616 wrote to memory of 2052	1616	7daf03acfd8405577ea3654d2863dffc.exe	28

C:\Users\Admin\AppData\Local\Temp\7daf03acfd8405577ea3654d2863dffc.exe
"C:\Users\Admin\AppData\Local\Temp\7daf03acfd8405577ea3654d2863dffc.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Users\Admin\AppData\Local\Temp\7daf03acfd8405577ea3654d2863dffc.exe
  C:\Users\Admin\AppData\Local\Temp\7daf03acfd8405577ea3654d2863dffc.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7daf03acfd8405577ea3654d2863dffc.exe

Filesize
645KB

MD5
b4fc546524ab092663bda918a25625a4

SHA1
7787bbdf38c076dc0dcb3a22444afe160109d5bb

SHA256
f35e5b4ab120a2da5f2fc023215d7ada153a761c8344ee8153114db1ae70734d

SHA512
84741b44b6e79cd278c922fc2394746745fae2bd1acf9846ab5989f0f4b73d93daf879afd5057e6252e5978d6886c144fc8d641061e93c73c8551dc09023c9b6

Download Submit
\Users\Admin\AppData\Local\Temp\7daf03acfd8405577ea3654d2863dffc.exe

Filesize
603KB

MD5
b258bfab6f798addf80de97751de9ffc

SHA1
bb69cf0deeae07e72d584419f9b2f1276a1ddaec

SHA256
52e965ee5dfa9b60f4c3a6239221fcd41af8124ec9f0ad53a782fcd5ce0151c3

SHA512
48e9214d82ff0e96f204dfe1f13fb69fed14eaee7a5353353a17ff6f6d550a3626c3deaec48503eaea5c1a31892264c96096d6dd162abe03b23817ff61639450

Download Submit
memory/1616-15-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/1616-3-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1616-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1616-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1616-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2052-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-19-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2052-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2052-25-0x0000000003540000-0x000000000376A000-memory.dmp

Filesize
2.2MB

Download
memory/2052-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download