d3366060dc6519fa73218d9bad8efa780a9a81cdddf0c1824a1b566bbb26cbe3

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f83629b1be4a9ed75c23c64e6bd71aa.exe
Size

2.9MB
MD5

7f83629b1be4a9ed75c23c64e6bd71aa
SHA1

2ce7351821e070ae9464358f9a62a0dab34997d4
SHA256

d3366060dc6519fa73218d9bad8efa780a9a81cdddf0c1824a1b566bbb26cbe3
SHA512

53518e369fa68fc404e99b94018a27636beaa866137378afaaed03def87853825207bc6011b577617bb96ee142cfd1da4ba9607e6694f2a03a83e854c050ce97
SSDEEP

49152:cC88Wq4OTRGZ5reuTJCceEZSfolj6PJySwxbAggUZiWS5vtWoY+I3OlJVX9+rhjX:j8/XOTcn58cEc6RySwpz+WS1IoK3cds/

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2700	7f83629b1be4a9ed75c23c64e6bd71aa.exe

Executes dropped EXE 1 IoCs

pid	Process
2700	7f83629b1be4a9ed75c23c64e6bd71aa.exe

Loads dropped DLL 1 IoCs

pid	Process
1948	7f83629b1be4a9ed75c23c64e6bd71aa.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1948-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000012251-10.dat	upx
behavioral1/files/0x0009000000012251-13.dat	upx
behavioral1/files/0x0009000000012251-12.dat	upx
behavioral1/memory/2700-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1948	7f83629b1be4a9ed75c23c64e6bd71aa.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1948	7f83629b1be4a9ed75c23c64e6bd71aa.exe
2700	7f83629b1be4a9ed75c23c64e6bd71aa.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2700	1948	7f83629b1be4a9ed75c23c64e6bd71aa.exe	28
PID 1948 wrote to memory of 2700	1948	7f83629b1be4a9ed75c23c64e6bd71aa.exe	28
PID 1948 wrote to memory of 2700	1948	7f83629b1be4a9ed75c23c64e6bd71aa.exe	28
PID 1948 wrote to memory of 2700	1948	7f83629b1be4a9ed75c23c64e6bd71aa.exe	28

C:\Users\Admin\AppData\Local\Temp\7f83629b1be4a9ed75c23c64e6bd71aa.exe
"C:\Users\Admin\AppData\Local\Temp\7f83629b1be4a9ed75c23c64e6bd71aa.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Users\Admin\AppData\Local\Temp\7f83629b1be4a9ed75c23c64e6bd71aa.exe
  C:\Users\Admin\AppData\Local\Temp\7f83629b1be4a9ed75c23c64e6bd71aa.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7f83629b1be4a9ed75c23c64e6bd71aa.exe

Filesize
115KB

MD5
f4443213df0486bba2027d5df1c7ad23

SHA1
5aa89d3479524337f23b8c584eaad023e895e7e2

SHA256
3253497bacbc02d433c86c4bb110377f13ee5bfbb942d0b4abac491c1c988a10

SHA512
bb8bf7e3f94bacd463fc384453f292ab5a999ee8d105e855828efa8302b78291a292091ced91c96a8e010ef7d2e63e183f330da97c63874126868060ca09fb9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7f83629b1be4a9ed75c23c64e6bd71aa.exe

Filesize
114KB

MD5
044e6ca3afd79da9003db443e5d1a999

SHA1
1709b6f3ea8b9caee62e3288f6dfbcdd260fbb7f

SHA256
12e1722d2ed72eb3118f6f2e4c5fa30711108ee2cb2bc4d101fdbcc4a550e76f

SHA512
499da3edb7209bd646536120218453b73c3dbcfe952c4bab04c342260d17ebcc7388779f354b695c13f4914a50b594a729555f6c535c884a6c04ccd03dca9fe9

Download Submit
\Users\Admin\AppData\Local\Temp\7f83629b1be4a9ed75c23c64e6bd71aa.exe

Filesize
175KB

MD5
6acd3eea1c0266e92205130aea49497b

SHA1
da6b0b33687f39c3ac4bbc08e5b82be5943f6768

SHA256
5ee0a4467a94ba45a77313ddc6b597fef38db87281ca6065aa09aaf46bef27eb

SHA512
6472dbb6d573f43b992d02d07ad12afda82da434054598852479e3b8ebb9cb916f880c318b9c256328579858f0a2849256fa303e6a8ba4e790032e1a619a1659

Download Submit
memory/1948-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1948-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1948-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1948-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1948-15-0x0000000003980000-0x0000000003E6F000-memory.dmp

Filesize
4.9MB

Download
memory/1948-31-0x0000000003980000-0x0000000003E6F000-memory.dmp

Filesize
4.9MB

Download
memory/2700-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2700-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2700-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2700-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2700-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2700-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download