6573704562ba201b6f98dad34f075e820bee55ba1df10cfeb77d909022d76364

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 10:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7f9646c1ceba002c8b83e89c3f89fda1.exe
Size

5.3MB
MD5

7f9646c1ceba002c8b83e89c3f89fda1
SHA1

952ee04c6edb8dd47f314dfadb29a33ea6e7767b
SHA256

6573704562ba201b6f98dad34f075e820bee55ba1df10cfeb77d909022d76364
SHA512

3705fa3b3908d2841e6ae307bd9c12f70bf0499e5bad6be9e68ef573a22eaf72dee7cded33b0e4ac093095e1a0e778fc1c76b0f16f62a9a969e01a7de12cc4c4
SSDEEP

49152:Ab4F6ExzvRvJoishTqlRhRVyjWammSE5P8CTNFPyeXpUrs4B0UuuZ04/axp426yL:Ay1RS1xVSI3yaQ77uM0yRK4CJxVSI3y

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2648	7f9646c1ceba002c8b83e89c3f89fda1.exe

Executes dropped EXE 1 IoCs

pid	Process
2648	7f9646c1ceba002c8b83e89c3f89fda1.exe

Loads dropped DLL 1 IoCs

pid	Process
1756	7f9646c1ceba002c8b83e89c3f89fda1.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1756-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0009000000012261-11.dat	upx
behavioral1/files/0x0009000000012261-14.dat	upx
behavioral1/memory/2648-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/memory/1756-16-0x0000000003EC0000-0x000000000432A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1756	7f9646c1ceba002c8b83e89c3f89fda1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1756	7f9646c1ceba002c8b83e89c3f89fda1.exe
2648	7f9646c1ceba002c8b83e89c3f89fda1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2648	1756	7f9646c1ceba002c8b83e89c3f89fda1.exe	28
PID 1756 wrote to memory of 2648	1756	7f9646c1ceba002c8b83e89c3f89fda1.exe	28
PID 1756 wrote to memory of 2648	1756	7f9646c1ceba002c8b83e89c3f89fda1.exe	28
PID 1756 wrote to memory of 2648	1756	7f9646c1ceba002c8b83e89c3f89fda1.exe	28

C:\Users\Admin\AppData\Local\Temp\7f9646c1ceba002c8b83e89c3f89fda1.exe
"C:\Users\Admin\AppData\Local\Temp\7f9646c1ceba002c8b83e89c3f89fda1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Users\Admin\AppData\Local\Temp\7f9646c1ceba002c8b83e89c3f89fda1.exe
  C:\Users\Admin\AppData\Local\Temp\7f9646c1ceba002c8b83e89c3f89fda1.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7f9646c1ceba002c8b83e89c3f89fda1.exe

Filesize
1.2MB

MD5
e5fd73e7d5a02ec221e7b407661a30dc

SHA1
3686db0e0942ae19ac65993edbaf8b1faa632679

SHA256
3843f98130aa01e7da3d827c50c11715892881dd9a38515cc9edc108aff41016

SHA512
59f8a6cf4e99a2408a2a2c5c631c9704cca636ae1b20f2effed653aab511d21222095667fee5bbe3924d0fc856d3185ee7a03855d0c97d33773c1ffb692d3d48

Download Submit
\Users\Admin\AppData\Local\Temp\7f9646c1ceba002c8b83e89c3f89fda1.exe

Filesize
221KB

MD5
b4d243f25b2374b1f5fbd26f29e871b8

SHA1
331624e21040794d7c47c0b378a60cfffe35c06e

SHA256
d61a9c3f04d6e664786971eff29eaedf6e0c11ac97bd9820d897af6fd8be82bd

SHA512
515a01c17eafdbaea3e142a62c88385f1a36c3500966dde8d2bbba42886c7f156baaa11a0f9d3a5f2c666b3b1ac6fb11d6c8e2ede80e32053f4c74b602c43d7a

Download Submit
memory/1756-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1756-2-0x00000000002A0000-0x00000000003B2000-memory.dmp

Filesize
1.1MB

Download
memory/1756-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1756-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1756-16-0x0000000003EC0000-0x000000000432A000-memory.dmp

Filesize
4.4MB

Download
memory/1756-26-0x0000000003EC0000-0x000000000432A000-memory.dmp

Filesize
4.4MB

Download
memory/2648-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2648-19-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2648-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2648-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download