ab179c440d5914292767c2c33cea9067b6fc2916bbaefaf20e4ca685a246807c

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 18:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dba76897cb4d133eec2e828dbd9e699.exe
Size

5.8MB
MD5

7dba76897cb4d133eec2e828dbd9e699
SHA1

711b8ad27c9d0a2fbd2c4d0ec1a01b34d55de563
SHA256

ab179c440d5914292767c2c33cea9067b6fc2916bbaefaf20e4ca685a246807c
SHA512

5f37fa5adb7d08338db47c909f451393406e183b5ff2487c244a657841f7f40fa84b4de4eb25eff5ba7cab475ccfee2648fb49c08d47e4b1c072db0eb0e0f410
SSDEEP

98304:QwYCnlLpiY9vVFc2Vs0AyKBHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCQ:LlLpb9vVDCbauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2820	7dba76897cb4d133eec2e828dbd9e699.exe

Executes dropped EXE 1 IoCs

pid	Process
2820	7dba76897cb4d133eec2e828dbd9e699.exe

Loads dropped DLL 1 IoCs

pid	Process
2880	7dba76897cb4d133eec2e828dbd9e699.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2880-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00090000000146c0-13.dat	upx
behavioral1/files/0x00090000000146c0-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2880	7dba76897cb4d133eec2e828dbd9e699.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2880	7dba76897cb4d133eec2e828dbd9e699.exe
2820	7dba76897cb4d133eec2e828dbd9e699.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2820	2880	7dba76897cb4d133eec2e828dbd9e699.exe	28
PID 2880 wrote to memory of 2820	2880	7dba76897cb4d133eec2e828dbd9e699.exe	28
PID 2880 wrote to memory of 2820	2880	7dba76897cb4d133eec2e828dbd9e699.exe	28
PID 2880 wrote to memory of 2820	2880	7dba76897cb4d133eec2e828dbd9e699.exe	28

C:\Users\Admin\AppData\Local\Temp\7dba76897cb4d133eec2e828dbd9e699.exe
"C:\Users\Admin\AppData\Local\Temp\7dba76897cb4d133eec2e828dbd9e699.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Users\Admin\AppData\Local\Temp\7dba76897cb4d133eec2e828dbd9e699.exe
  C:\Users\Admin\AppData\Local\Temp\7dba76897cb4d133eec2e828dbd9e699.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7dba76897cb4d133eec2e828dbd9e699.exe

Filesize
143KB

MD5
08896f041cedc3f5d47d104ee3783cc2

SHA1
86478891cfed1fdb99a70010c48ecd6f335de7b8

SHA256
99b39ed8f4557c47a43e46ebc762334c37336ebd4bc0de3ab5c45cbf5f4e985b

SHA512
6e6b37d2a593489e9391ddc97efbf552ee6c594b022985158342abb1405e332c861d3ba8f64c16e626f23c2f01cc4d8de536fccb916ea53bd43cbbd9d87ad197

Download Submit
\Users\Admin\AppData\Local\Temp\7dba76897cb4d133eec2e828dbd9e699.exe

Filesize
442KB

MD5
ffc1325bb3cf9b596f895e798db1d3c9

SHA1
66418573e3036b26813e8db2de47d7f326be9fa2

SHA256
9fc79645b968af68d7c588b5e5c6285c8ca0682e95f0eb748a905e29114d189a

SHA512
792b8ff54834bf0dc3837057a1b3c7f1dd24e1f5269c157f42e12e9ed5516d3797613b7793749f942af3aada832930001c304393591c4e45802f0122f00e5323

Download Submit
memory/2820-19-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2820-17-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2820-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2820-25-0x00000000034C0000-0x00000000036EA000-memory.dmp

Filesize
2.2MB

Download
memory/2820-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2820-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2880-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2880-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2880-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2880-15-0x0000000003DB0000-0x000000000429F000-memory.dmp

Filesize
4.9MB

Download
memory/2880-1-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2880-31-0x0000000003DB0000-0x000000000429F000-memory.dmp

Filesize
4.9MB

Download