7820c820e51ae4a2557d01fccf3d94d662cb1c2c2b5620567e5ba5f91599a976

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

872d68401392eea1fd94bc7a17dc85c3.exe
Size

2.9MB
MD5

872d68401392eea1fd94bc7a17dc85c3
SHA1

76332133d28d2bd884580d4c6860cf649377ea15
SHA256

7820c820e51ae4a2557d01fccf3d94d662cb1c2c2b5620567e5ba5f91599a976
SHA512

66d944de1327161306ac015eb15badf55e22a135071cb4ff5a29eb3107295dc4203a14b53eb0814b02a5246c19034e3d77d0fbdf5e64f716bfc3023947567a8b
SSDEEP

49152:J8j379DXa52hYVxX8TpsN74NH5HUyNRcUsCVOzetdZJ:Y3l6xXKps4HBUCczzM3

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2248	872d68401392eea1fd94bc7a17dc85c3.exe

Executes dropped EXE 1 IoCs

pid	Process
2248	872d68401392eea1fd94bc7a17dc85c3.exe

Loads dropped DLL 1 IoCs

pid	Process
2980	872d68401392eea1fd94bc7a17dc85c3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2980-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000014534-13.dat	upx
behavioral1/files/0x000b000000014534-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2980	872d68401392eea1fd94bc7a17dc85c3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2980	872d68401392eea1fd94bc7a17dc85c3.exe
2248	872d68401392eea1fd94bc7a17dc85c3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2248	2980	872d68401392eea1fd94bc7a17dc85c3.exe	28
PID 2980 wrote to memory of 2248	2980	872d68401392eea1fd94bc7a17dc85c3.exe	28
PID 2980 wrote to memory of 2248	2980	872d68401392eea1fd94bc7a17dc85c3.exe	28
PID 2980 wrote to memory of 2248	2980	872d68401392eea1fd94bc7a17dc85c3.exe	28

C:\Users\Admin\AppData\Local\Temp\872d68401392eea1fd94bc7a17dc85c3.exe
"C:\Users\Admin\AppData\Local\Temp\872d68401392eea1fd94bc7a17dc85c3.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Users\Admin\AppData\Local\Temp\872d68401392eea1fd94bc7a17dc85c3.exe
  C:\Users\Admin\AppData\Local\Temp\872d68401392eea1fd94bc7a17dc85c3.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2248

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\872d68401392eea1fd94bc7a17dc85c3.exe

Filesize
231KB

MD5
d84df96426c9fa606631435d8e8db38f

SHA1
7fe22e6006aadcd984ab712f152550085a83f647

SHA256
21cc60f43b5e3a96f34a5d75b3d9a750c32415a9dc33db6be8ee7dd59fee1db6

SHA512
52ff1dcaa608a92d0871d8504ba481e2a88202f17ac58c2ffe5cd215532ef9404faee5a6f5ad1e8ea09bf244190b2fc1d9de02207e237c28ce21a1b960262640

Download Submit
\Users\Admin\AppData\Local\Temp\872d68401392eea1fd94bc7a17dc85c3.exe

Filesize
324KB

MD5
8fc7283e9a331e775e5242011287159a

SHA1
8185c2809864013539da17be16c8c48fd8456d28

SHA256
b2507f9e7eb74265d548e90f78faf5beb9861611956d34337c3859cf706b336b

SHA512
6af8ed50d74efbb899930f9b20d63346f66e53e018c261a2c301d598b455da98b8089732985cdb163a55a85fbf40a6f8921b1afb1168fc74210e3a428701e1e4

Download Submit
memory/2248-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2248-15-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2248-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2248-25-0x00000000034E0000-0x000000000370A000-memory.dmp

Filesize
2.2MB

Download
memory/2248-20-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2248-34-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2980-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2980-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2980-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2980-18-0x0000000003810000-0x0000000003CFF000-memory.dmp

Filesize
4.9MB

Download
memory/2980-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2980-33-0x0000000003810000-0x0000000003CFF000-memory.dmp

Filesize
4.9MB

Download