1489b23bbd6c625178619170c1d4e7872a9dffd0806a5974977cb6bfb6e98439

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-01-2024 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f111792e6702df40a5ab53733e29f9d.exe
Size

5.3MB
MD5

7f111792e6702df40a5ab53733e29f9d
SHA1

064ce9579db2fa79b0d305db2886a6493af7cbda
SHA256

1489b23bbd6c625178619170c1d4e7872a9dffd0806a5974977cb6bfb6e98439
SHA512

aec8f1bb02a426e86507a9652cd72e70ca3bb0d90b02ee1cbd195ab5fd1c89ea9ece08596cdd286727a417b9b1382bcfc5317c46d86823553b5d759788606c45
SSDEEP

98304:Fyt8aNskNMcbQ0m4hl+ev8UFp0nghhuPe/6m01k8l+ev8UFp0:FyHlNHba4TH8USgnT6m01zH8U

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2412	7f111792e6702df40a5ab53733e29f9d.exe

Executes dropped EXE 1 IoCs

pid	Process
2412	7f111792e6702df40a5ab53733e29f9d.exe

Loads dropped DLL 1 IoCs

pid	Process
1992	7f111792e6702df40a5ab53733e29f9d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1992-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000c000000012327-14.dat	upx
behavioral1/files/0x000c000000012327-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1992	7f111792e6702df40a5ab53733e29f9d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1992	7f111792e6702df40a5ab53733e29f9d.exe
2412	7f111792e6702df40a5ab53733e29f9d.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2412	1992	7f111792e6702df40a5ab53733e29f9d.exe	28
PID 1992 wrote to memory of 2412	1992	7f111792e6702df40a5ab53733e29f9d.exe	28
PID 1992 wrote to memory of 2412	1992	7f111792e6702df40a5ab53733e29f9d.exe	28
PID 1992 wrote to memory of 2412	1992	7f111792e6702df40a5ab53733e29f9d.exe	28

C:\Users\Admin\AppData\Local\Temp\7f111792e6702df40a5ab53733e29f9d.exe
"C:\Users\Admin\AppData\Local\Temp\7f111792e6702df40a5ab53733e29f9d.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\7f111792e6702df40a5ab53733e29f9d.exe
  C:\Users\Admin\AppData\Local\Temp\7f111792e6702df40a5ab53733e29f9d.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7f111792e6702df40a5ab53733e29f9d.exe

Filesize
624KB

MD5
548ba1e20e5f3334ea26a490e39175a9

SHA1
1e7ba30721749acf58949f38b4c22954edb9a844

SHA256
388e35c525d88b86ec26a2bf6a858b08b50b3cc361281698914323b2dc6a7ce0

SHA512
1187ce389ffa02de7e9ac75a6bf13e5251f18bc648bd08c2c5ed0b742e70a9e906298cb7a5ef9b1ad3c1628b76320776d89191887e37df59e37008f5d1d279aa

Download Submit
\Users\Admin\AppData\Local\Temp\7f111792e6702df40a5ab53733e29f9d.exe

Filesize
955KB

MD5
031c87c7ff832bd043e55d85937183c0

SHA1
83df0024c9366862605633896534bf7781f67515

SHA256
0b52b167fec03fe49f2a1da6839f6dfa6b4f38c857b3ed3012c427a04260c9e3

SHA512
360341c0179faba1405d216fc3945fc91885799f63accd632852051ac5108100f9778d4baaf2cb02ee93b52f0a6077bb25be5d29548e669120ed5af8790a6036

Download Submit
memory/1992-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1992-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/1992-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1992-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2412-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2412-19-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2412-17-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2412-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download