8f9af241b610f0870ae4dd6574939f61a17b7c6ece2d3584e21f81a8a28c6b19

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 01:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7e799cef54cb5ff426ea4192af19ccdf.exe
Size

1.3MB
MD5

7e799cef54cb5ff426ea4192af19ccdf
SHA1

7d70928f3add906f060321006b91bb79bcd26155
SHA256

8f9af241b610f0870ae4dd6574939f61a17b7c6ece2d3584e21f81a8a28c6b19
SHA512

66a5173d633485d30861d528c5e3bd0662121e5685c44ec9ec481d8a6b8328c806841c5ecdc1f5b11ca3930fe0d2ebcf54b01c413da6a6deb2ab9d1357223dac
SSDEEP

24576:rqbw3VcS9uFFHD3PCDGvHcaSGGLkK4fG4IMpImw0mmmZ8rnKrWO:rFufv8aTtXIMpI70mmmZ8rKrf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2184	7e799cef54cb5ff426ea4192af19ccdf.exe

Executes dropped EXE 1 IoCs

pid	Process
2184	7e799cef54cb5ff426ea4192af19ccdf.exe

Loads dropped DLL 1 IoCs

pid	Process
2536	7e799cef54cb5ff426ea4192af19ccdf.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2536-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a00000001224e-10.dat	upx
behavioral1/files/0x000a00000001224e-15.dat	upx
behavioral1/memory/2536-14-0x00000000035A0000-0x0000000003A8F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2536	7e799cef54cb5ff426ea4192af19ccdf.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2536	7e799cef54cb5ff426ea4192af19ccdf.exe
2184	7e799cef54cb5ff426ea4192af19ccdf.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2184	2536	7e799cef54cb5ff426ea4192af19ccdf.exe	28
PID 2536 wrote to memory of 2184	2536	7e799cef54cb5ff426ea4192af19ccdf.exe	28
PID 2536 wrote to memory of 2184	2536	7e799cef54cb5ff426ea4192af19ccdf.exe	28
PID 2536 wrote to memory of 2184	2536	7e799cef54cb5ff426ea4192af19ccdf.exe	28

C:\Users\Admin\AppData\Local\Temp\7e799cef54cb5ff426ea4192af19ccdf.exe
"C:\Users\Admin\AppData\Local\Temp\7e799cef54cb5ff426ea4192af19ccdf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Users\Admin\AppData\Local\Temp\7e799cef54cb5ff426ea4192af19ccdf.exe
  C:\Users\Admin\AppData\Local\Temp\7e799cef54cb5ff426ea4192af19ccdf.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7e799cef54cb5ff426ea4192af19ccdf.exe

Filesize
524KB

MD5
5b518b10e0d6191a01dc8dd53dc720c0

SHA1
feb51556415738f5011fd117ab838e7c86a3dc08

SHA256
f274b4137951a6915cc49bb13de295852c4451595ec4cd2f974514423a59948f

SHA512
18b70c1fbbfa4c2e20dc312534b00b623acbc3c4cb5365be06e6ebffd0c09ad8929932259c3e1a47e85005b3d4ffe35c768959599dc25a95cc356904da391892

Download Submit
\Users\Admin\AppData\Local\Temp\7e799cef54cb5ff426ea4192af19ccdf.exe

Filesize
972KB

MD5
8bd625915c33a8d5aa79ce71085ac047

SHA1
f423be258ab097b7c9f6cef45cc2649cab9ceed4

SHA256
05d1af2513c9e33c68395568d05fa9cc2324e5ce356429e0a8e7c8389a426bdf

SHA512
f760312308bbe71cd2e3e630cfbe78c7ebf0210b2a6436d9fe7ab3a3fa0284366f54f606e9b8953aa2689445aedadd9c0070da467e3efc59692b07fb14ba945e

Download Submit
memory/2184-19-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2184-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2184-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2184-24-0x0000000003420000-0x000000000364A000-memory.dmp

Filesize
2.2MB

Download
memory/2184-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2184-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2536-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2536-2-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2536-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2536-14-0x00000000035A0000-0x0000000003A8F000-memory.dmp

Filesize
4.9MB

Download
memory/2536-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2536-31-0x00000000035A0000-0x0000000003A8F000-memory.dmp

Filesize
4.9MB

Download