36ea5a5e3414e130e182c3565f8501e30a17a1e3d2e269252a8c92ef61079148

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 01:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7e91b8d468217f1143210bd3697d802f.exe
Size

2.7MB
MD5

7e91b8d468217f1143210bd3697d802f
SHA1

a2fdc33ae493c877b3e27c015ab4795bf53f9ef6
SHA256

36ea5a5e3414e130e182c3565f8501e30a17a1e3d2e269252a8c92ef61079148
SHA512

4147afbc2e400a5591391f14a984b7d94b600d8ed04474c5236f9b893a2d7fdc307ff1a5f054c4f390e25691430b2da442e80c3d0d127e885a18194a7fad37ce
SSDEEP

49152:raL9oV5U33BoyDADAdILkxMrcKiFASR9ktBc1+Q4YdxSChG38bDUggR9t:ds3RohYnEvi5HktBcwQDM2YIDULHt

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2692	7e91b8d468217f1143210bd3697d802f.exe

Executes dropped EXE 1 IoCs

pid	Process
2692	7e91b8d468217f1143210bd3697d802f.exe

Loads dropped DLL 1 IoCs

pid	Process
1352	7e91b8d468217f1143210bd3697d802f.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1352-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0007000000012284-10.dat	upx
behavioral1/files/0x0007000000012284-13.dat	upx
behavioral1/files/0x0007000000012284-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1352	7e91b8d468217f1143210bd3697d802f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1352	7e91b8d468217f1143210bd3697d802f.exe
2692	7e91b8d468217f1143210bd3697d802f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 2692	1352	7e91b8d468217f1143210bd3697d802f.exe	28
PID 1352 wrote to memory of 2692	1352	7e91b8d468217f1143210bd3697d802f.exe	28
PID 1352 wrote to memory of 2692	1352	7e91b8d468217f1143210bd3697d802f.exe	28
PID 1352 wrote to memory of 2692	1352	7e91b8d468217f1143210bd3697d802f.exe	28

C:\Users\Admin\AppData\Local\Temp\7e91b8d468217f1143210bd3697d802f.exe
"C:\Users\Admin\AppData\Local\Temp\7e91b8d468217f1143210bd3697d802f.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\7e91b8d468217f1143210bd3697d802f.exe
  C:\Users\Admin\AppData\Local\Temp\7e91b8d468217f1143210bd3697d802f.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7e91b8d468217f1143210bd3697d802f.exe

Filesize
1.0MB

MD5
05491f34be877fd6bdfff4ab20e6f8dd

SHA1
63ff9926c5fb3d3f845b0bd4ed29d84c231d5177

SHA256
c11615b40872db6f39408d37280492f542a0f73e1016080768c7ab11ee2f1d06

SHA512
9aaf441fbe6276694414ba0d9d159f4e766e11e2ed30773734978c5fb0fb26b252ab2e70a0346c63b4f475633264b3ea4e11d842e99a651ee27af17b011fdadb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7e91b8d468217f1143210bd3697d802f.exe

Filesize
1.5MB

MD5
c4d16f0a92a3db521c23331e2cdb28fe

SHA1
d1dc3a7d105b84e3ff800b42b8a59d8f8bd33e91

SHA256
63a5723269f24b5dbcc1d087facdb6b1f0e7f86d942394f8ef927215cd4d5c41

SHA512
e3e90ae3c67a875c484fb045d39cc178c502640fac0d50bad66676fd33fc1623c008dae7403c43fb8404885d2e5ed8a5c1b09335d3606b9ca88a26d91afffe07

Download Submit
\Users\Admin\AppData\Local\Temp\7e91b8d468217f1143210bd3697d802f.exe

Filesize
1.1MB

MD5
2ccc73c734477fd46530c93b827c1894

SHA1
699d990b841fc1968ba4d67c33fd0fe8673336b2

SHA256
c50564941f428ee4d1238eca0962d4e8180d4c7b3a6b5a3601cd920e3c39db1a

SHA512
452dea52cce6430e027d86e79f62fb43c11cb4c4610006b5a7438a4354278931e399344ffa48eedc9d961e7463aef26f817f29b9b52e30fdae77edd3dffb7aa6

Download Submit
memory/1352-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1352-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1352-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1352-15-0x0000000003860000-0x0000000003D47000-memory.dmp

Filesize
4.9MB

Download
memory/1352-1-0x0000000000280000-0x00000000003B1000-memory.dmp

Filesize
1.2MB

Download
memory/1352-31-0x0000000003860000-0x0000000003D47000-memory.dmp

Filesize
4.9MB

Download
memory/2692-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2692-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2692-19-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2692-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2692-24-0x0000000003410000-0x0000000003632000-memory.dmp

Filesize
2.1MB

Download
memory/2692-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download