acf54fd9d405e47248bd77b21203d27db254518fa07ef68955d44942340c48de

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-01-2024 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dfde1a349b1f334d702eb08233dc7ea.exe
Size

2.4MB
MD5

7dfde1a349b1f334d702eb08233dc7ea
SHA1

6e414b098e35aca6161950a979ce339e40b58aa9
SHA256

acf54fd9d405e47248bd77b21203d27db254518fa07ef68955d44942340c48de
SHA512

21c320afa3c505c96bbf35eddf7d2fc25d5ae521bd93be8ce4526fd3363371327a0a8c674e8501c8bce2a34120ed3a103db20047fa8ac2f15898331dbed6ffb7
SSDEEP

49152:z+kNQP15vOJgmZs6Yjk1bDJH9P4M338dB2IBlGuuDVUsdxxjr:6k+vmpZsR0bd9gg3gnl/IVUs1jr

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2316	7dfde1a349b1f334d702eb08233dc7ea.exe

Executes dropped EXE 1 IoCs

pid	Process
2316	7dfde1a349b1f334d702eb08233dc7ea.exe

Loads dropped DLL 1 IoCs

pid	Process
2616	7dfde1a349b1f334d702eb08233dc7ea.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2616-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012251-12.dat	upx
behavioral1/files/0x000b000000012251-14.dat	upx
behavioral1/files/0x000b000000012251-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2616	7dfde1a349b1f334d702eb08233dc7ea.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2616	7dfde1a349b1f334d702eb08233dc7ea.exe
2316	7dfde1a349b1f334d702eb08233dc7ea.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2316	2616	7dfde1a349b1f334d702eb08233dc7ea.exe	28
PID 2616 wrote to memory of 2316	2616	7dfde1a349b1f334d702eb08233dc7ea.exe	28
PID 2616 wrote to memory of 2316	2616	7dfde1a349b1f334d702eb08233dc7ea.exe	28
PID 2616 wrote to memory of 2316	2616	7dfde1a349b1f334d702eb08233dc7ea.exe	28

C:\Users\Admin\AppData\Local\Temp\7dfde1a349b1f334d702eb08233dc7ea.exe
"C:\Users\Admin\AppData\Local\Temp\7dfde1a349b1f334d702eb08233dc7ea.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Users\Admin\AppData\Local\Temp\7dfde1a349b1f334d702eb08233dc7ea.exe
  C:\Users\Admin\AppData\Local\Temp\7dfde1a349b1f334d702eb08233dc7ea.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7dfde1a349b1f334d702eb08233dc7ea.exe

Filesize
143KB

MD5
1578d9cfb9d109b09e3bb27edb96e3c7

SHA1
aea3fd8f16284740d0365f2d682b7773568970fa

SHA256
d741b89f845705678a9c6e1fa723e14554a2de6e30a6dc773d2f6f6417b9d29b

SHA512
c5a03fdaa88b6d8b099e6b39458e6ed583b5864e265c04e101e08f30aa221f13c6d10b0c9e2192aa4525c1b020b83351f9f0ba52eb226fda74d530753e556274

Download Submit
C:\Users\Admin\AppData\Local\Temp\7dfde1a349b1f334d702eb08233dc7ea.exe

Filesize
165KB

MD5
7cfaa67fac719af8b9707adbda3df557

SHA1
e516f2a39b1b434a2cb103bf9ca17f7b8b0ebcb2

SHA256
e4d0d842e12c0d9da5229019d7ec73b99a6022f0e0b224daf291ce17fa93ed07

SHA512
a4a955fa8c37bc138e676e958f6a9bbb372d84d18d99192e4f4642266b65f87e483e528273aff16517f357b79446046116ee9c112e595e22009fe228c42e7bdb

Download Submit
\Users\Admin\AppData\Local\Temp\7dfde1a349b1f334d702eb08233dc7ea.exe

Filesize
206KB

MD5
efcfe33f8aaf0e22003c0e304a9d5308

SHA1
b2e00d0fa6253ff285637c0e1a43ba77121f8038

SHA256
056e59d2e7896cb161f79917a94d864a629bf1a11e6408f83dfb90b595b18d3e

SHA512
ff3c4249decd8381abd9cf3562963922574360c2706e359a6751e0d09a1d256dfd064a159637c8917c4b5bb1cefd19954739462249ef05e2684970f10fd88828

Download Submit
memory/2316-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2316-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2316-20-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/2316-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2316-25-0x00000000032D0000-0x00000000034FA000-memory.dmp

Filesize
2.2MB

Download
memory/2316-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2616-4-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/2616-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2616-16-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2616-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2616-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download