7c16ae285279204748a77384b5cd59af0eb7c18f41196455325feba61726f304

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 23:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87f6f5ab879c7e22325ca49906021d8e.exe
Size

1.5MB
MD5

87f6f5ab879c7e22325ca49906021d8e
SHA1

60f5729d9ea64f5ee1661bfd23f0655076355692
SHA256

7c16ae285279204748a77384b5cd59af0eb7c18f41196455325feba61726f304
SHA512

260ad0b2a132e0be97917e11a7b5a266ad33b24aae5c9630aa22e00d4c3512d16ccef60a085e1b3b15b9cbbf2437083545513a341d5993e9d3816f24d40fc276
SSDEEP

24576:7aYuH1ZryqvJq5ane4J5nTJ37uVwGNIuvHKf+08SF9XcBQYzKIioVLf26W:mYuH/ryqvfne4J51uTN10+01YGbWLl

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1692	87f6f5ab879c7e22325ca49906021d8e.exe

Executes dropped EXE 1 IoCs

pid	Process
1692	87f6f5ab879c7e22325ca49906021d8e.exe

Loads dropped DLL 1 IoCs

pid	Process
2332	87f6f5ab879c7e22325ca49906021d8e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2332-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00090000000142c4-15.dat	upx
behavioral1/files/0x00090000000142c4-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2332	87f6f5ab879c7e22325ca49906021d8e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2332	87f6f5ab879c7e22325ca49906021d8e.exe
1692	87f6f5ab879c7e22325ca49906021d8e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 1692	2332	87f6f5ab879c7e22325ca49906021d8e.exe	28
PID 2332 wrote to memory of 1692	2332	87f6f5ab879c7e22325ca49906021d8e.exe	28
PID 2332 wrote to memory of 1692	2332	87f6f5ab879c7e22325ca49906021d8e.exe	28
PID 2332 wrote to memory of 1692	2332	87f6f5ab879c7e22325ca49906021d8e.exe	28

C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe
"C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe
  C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe

Filesize
286KB

MD5
25ec3a0a33b793cbc6e08e77999a45a3

SHA1
75f7a61e612839d5f453e1b71f537115f8c8e7a8

SHA256
3d17f8b227085e0c713857cf9b1dcc6db6f1d3165c47f2d2659ff769dca1aade

SHA512
3e2dd81163156801cc920bfcc7e62debf1a3f0dbae0cbd6ff7f98460fa77f5199d95624dd2e8af2f580dc868390576e1412073b49aef21581e84c48437064990

Download Submit
\Users\Admin\AppData\Local\Temp\87f6f5ab879c7e22325ca49906021d8e.exe

Filesize
417KB

MD5
65bbfd97b143d85d924fd6ceec79e313

SHA1
d20a1a39c74256ff302d58358326e39a1bd5141f

SHA256
6bb0cbc98c4ca06cac4572115e808fc930d78300b2c73bbc1dbe82a3d260042f

SHA512
37474848e514d054198d69b20bc85f2849e4850ebf2dbe3df64f6d11c7c50473f9016ed84996c639a123143ec0827b592c948060336ad8b898d0f0476af29b9f

Download Submit
memory/1692-20-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1692-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1692-18-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1692-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1692-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1692-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2332-14-0x0000000003530000-0x0000000003A1F000-memory.dmp

Filesize
4.9MB

Download
memory/2332-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-3-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2332-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2332-31-0x0000000003530000-0x0000000003A1F000-memory.dmp

Filesize
4.9MB

Download