6fc11b91ce2da60380234461f3a0a627b43c624b59de0b152524a5a254129c6f

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 07:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f3c6aa6a6063939810743e79b6dc0b0.exe
Size

5.8MB
MD5

7f3c6aa6a6063939810743e79b6dc0b0
SHA1

2489983a4e07390c31613cc8e02c28d4bb019960
SHA256

6fc11b91ce2da60380234461f3a0a627b43c624b59de0b152524a5a254129c6f
SHA512

f68eaa27877f0b59566b0c4b2a3eb770a2fe12a77ac19a0d1182a6a593531e055aeda0487cc51608f08cefbc55e4a63d787a3454ce8868cddafac42f26801b17
SSDEEP

98304:tpGUeX4sLfDBJAsrW4gplurxkK+0Nh7AC96JP2mA6AsrW4gplurxkK+0Nh7A:blU9DDBWsS44Aj9GAhsS44A

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2172	7f3c6aa6a6063939810743e79b6dc0b0.exe

Executes dropped EXE 1 IoCs

pid	Process
2172	7f3c6aa6a6063939810743e79b6dc0b0.exe

Loads dropped DLL 1 IoCs

pid	Process
2340	7f3c6aa6a6063939810743e79b6dc0b0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2340-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000015f01-13.dat	upx
behavioral1/files/0x0009000000015f01-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2340	7f3c6aa6a6063939810743e79b6dc0b0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2340	7f3c6aa6a6063939810743e79b6dc0b0.exe
2172	7f3c6aa6a6063939810743e79b6dc0b0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 2172	2340	7f3c6aa6a6063939810743e79b6dc0b0.exe	28
PID 2340 wrote to memory of 2172	2340	7f3c6aa6a6063939810743e79b6dc0b0.exe	28
PID 2340 wrote to memory of 2172	2340	7f3c6aa6a6063939810743e79b6dc0b0.exe	28
PID 2340 wrote to memory of 2172	2340	7f3c6aa6a6063939810743e79b6dc0b0.exe	28

C:\Users\Admin\AppData\Local\Temp\7f3c6aa6a6063939810743e79b6dc0b0.exe
"C:\Users\Admin\AppData\Local\Temp\7f3c6aa6a6063939810743e79b6dc0b0.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Users\Admin\AppData\Local\Temp\7f3c6aa6a6063939810743e79b6dc0b0.exe
  C:\Users\Admin\AppData\Local\Temp\7f3c6aa6a6063939810743e79b6dc0b0.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7f3c6aa6a6063939810743e79b6dc0b0.exe

Filesize
218KB

MD5
01a2d8d05c493a7c71594d6238774a38

SHA1
c3ae8c3b0d7ff009a3615859eeaf8766a8d69f78

SHA256
a0155f39d6bb1f8dafdeaaefbdb1ba5bb00972cc0fca76f69a59bd070c9cbd5e

SHA512
f1a16270e6663914d2f5c7a05e7db112ae2b25edfdfb909a545616ea319e1f448bda5cde4001a1ed165e7609efc63300dc26958bfe4537ca82000a9373ce06e7

Download Submit
\Users\Admin\AppData\Local\Temp\7f3c6aa6a6063939810743e79b6dc0b0.exe

Filesize
313KB

MD5
a85604939fb69e6daccc738358173fcf

SHA1
9c39694252c75a615e132216f0a8ce6e193457af

SHA256
26477a568c59c85af14483b6bff4ebc6ef22d2c53a766acd3c325151a79ee4ae

SHA512
026f9083e68c528a0ce19f4412f383e74973749160d3460737f4545c89f69bf334654718fa31d86b3621162b6b6a4b2252fb30349c12a3c915b8c7f18323210f

Download Submit
memory/2172-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2172-20-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2172-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2172-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2172-25-0x0000000003700000-0x000000000392A000-memory.dmp

Filesize
2.2MB

Download
memory/2172-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2340-1-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2340-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2340-16-0x0000000004030000-0x000000000451F000-memory.dmp

Filesize
4.9MB

Download
memory/2340-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2340-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2340-31-0x0000000004030000-0x000000000451F000-memory.dmp

Filesize
4.9MB

Download