94d3f70c938c8e26bfcaac02d071f3fcaefebcafe614b94f7ad90c0380f0fd3c

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ff8d1512d910ca1e655cdfa1e1859c9.exe
Size

1.3MB
MD5

7ff8d1512d910ca1e655cdfa1e1859c9
SHA1

e9ba02c0240a3a2e4284748b12a1aa160f72a6e8
SHA256

94d3f70c938c8e26bfcaac02d071f3fcaefebcafe614b94f7ad90c0380f0fd3c
SHA512

81a11fc3941b147391f86017b0d38155b8a7169fa030b301550dfa4eaf0d8f208ad0acfd8632fc53de247030e22da687f11d711b3765e7bf852601f103d1aca5
SSDEEP

24576:IAWa1DBt1V//7jfFLhy/iM5U28Vpqa/iLMWbhoqqTrzxX0rWO:Ixa1DBtqtnGxi/oqqTr1XSf

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2516	7ff8d1512d910ca1e655cdfa1e1859c9.exe

Executes dropped EXE 1 IoCs

pid	Process
2516	7ff8d1512d910ca1e655cdfa1e1859c9.exe

Loads dropped DLL 1 IoCs

pid	Process
1644	7ff8d1512d910ca1e655cdfa1e1859c9.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1644-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000e000000012670-10.dat	upx
behavioral1/memory/2516-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000e000000012670-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1644	7ff8d1512d910ca1e655cdfa1e1859c9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1644	7ff8d1512d910ca1e655cdfa1e1859c9.exe
2516	7ff8d1512d910ca1e655cdfa1e1859c9.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2516	1644	7ff8d1512d910ca1e655cdfa1e1859c9.exe	28
PID 1644 wrote to memory of 2516	1644	7ff8d1512d910ca1e655cdfa1e1859c9.exe	28
PID 1644 wrote to memory of 2516	1644	7ff8d1512d910ca1e655cdfa1e1859c9.exe	28
PID 1644 wrote to memory of 2516	1644	7ff8d1512d910ca1e655cdfa1e1859c9.exe	28

C:\Users\Admin\AppData\Local\Temp\7ff8d1512d910ca1e655cdfa1e1859c9.exe
"C:\Users\Admin\AppData\Local\Temp\7ff8d1512d910ca1e655cdfa1e1859c9.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Users\Admin\AppData\Local\Temp\7ff8d1512d910ca1e655cdfa1e1859c9.exe
  C:\Users\Admin\AppData\Local\Temp\7ff8d1512d910ca1e655cdfa1e1859c9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2516

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7ff8d1512d910ca1e655cdfa1e1859c9.exe

Filesize
720KB

MD5
7edd4470aab84a840b4eb4675fbb2045

SHA1
368ac84ae1c4a32aed46ea626f25b6ac6d7f0391

SHA256
ecda4686b06d6ff64bc251cd23fdcb84d9583cc02b0e60108caef2b350b9fa09

SHA512
67119a65811cc43c4361978e13b0703dcf2870803f84b4e8f36beaf8a31227060d0cdc6b5968bf5ef928e557b94cbebf8c66b69aa0eeee9d45c6b5aaa3e54790

Download Submit
\Users\Admin\AppData\Local\Temp\7ff8d1512d910ca1e655cdfa1e1859c9.exe

Filesize
620KB

MD5
aea850704f194a17a1db8f5d85ac3ab7

SHA1
893defe8eadcaa7709b8d6f122b7d868ee717575

SHA256
4dca1cab3283c0c9aa0f6f8a61dc8f00a44e6c65b618af761dc7f77bedac09fb

SHA512
4aaf6c7edd71af528b27b9455e0c1d10c2e1a8c5dd96b9a3e66ef523dd11c54bbecb5960ecccc49611e8ac2a2bcdb769a869e262c9537179bb4b48e000c58bdb

Download Submit
memory/1644-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1644-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1644-14-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/1644-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1644-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1644-31-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/2516-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2516-19-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/2516-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2516-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2516-26-0x00000000034D0000-0x00000000036FA000-memory.dmp

Filesize
2.2MB

Download
memory/2516-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download