7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe
Size

62.6MB
MD5

a18975a60d05eac96967f6d8b86c33b5
SHA1

e712576fd23368ad274a2ce5b9e8c69ce8a24b21
SHA256

7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27
SHA512

a2fd04a016e1e92344c90f132e2a646a6bf6ac934241aee3c2e147559396f4031bcf2500df29ec987d2aba08bce0e7d9955bd8dc93f5431c954faf09c831e51c
SSDEEP

1572864:3yOQD7vFQqMrlpA+Ql4a0RCdvIdYrxquNQZATTb9BX:iOKJykll00vRrxD/T7X

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2620	7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe
2620	7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe
2620	7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe
2620	7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe
2620	7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe
2620	7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe
2620	7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000020926-788.dat	upx
behavioral1/memory/2620-790-0x000007FEF5930000-0x000007FEF5D9E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2620	2416	7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe	30
PID 2416 wrote to memory of 2620	2416	7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe	30
PID 2416 wrote to memory of 2620	2416	7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe	30

C:\Users\Admin\AppData\Local\Temp\7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe
"C:\Users\Admin\AppData\Local\Temp\7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Users\Admin\AppData\Local\Temp\7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe
  "C:\Users\Admin\AppData\Local\Temp\7a93733f15b4150206f59c955f5372544acf61bf6d5b5025c24927d66cfa2b27.exe"
  2⤵
  - Loads dropped DLL
  PID:2620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI24162\api-ms-win-core-file-l1-2-0.dll

Filesize
18KB

MD5
19df2b0f78dc3d8c470e836bae85e1ff

SHA1
03f2b5b848a51ee52980bf8595c559b89865de07

SHA256
bd9e07bbc62ce82dbc30c23069a17fbfa17f1c26a9c19e50fe754d494e6cd0b1

SHA512
c1c2b97f484e640bfdda17f7ed604d0583c3d4eaf21abf35491ccedc37fa4866480b59a692776687e5fda3eaeafb4c7bdb34dec91f996fd377a328a89c8d5724

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24162\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
adb3471f89e47cd93b6854d629906809

SHA1
2cfc0c379fd7f23db64d15bdff2925778ff65188

SHA256
355633a84db0816ab6a340a086fb41c65854c313bd08d427a17389c42a1e5b69

SHA512
f53e11aa35911d226b676d454e873d0e84c189dd1caea8a0fe54d738933cd6b139eca48630f37f5979ef898950d99f3277cba6c7a697103f505d876bea62818c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24162\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
6b4f2ca3efceb2c21e93f92cdc150a9d

SHA1
2532af7a64ef4b5154752f61290dcf9ebeea290f

SHA256
b39a515b9e48fc6589703d45e14dcea2273a02d7fa6f2e1d17985c0228d32564

SHA512
63a42dd1cb95fd38ddde562108c78e39cb5d7c9406bf749339e717c2cd866f26268d49b6bd966b338de1c557a426a01a24c2480f64762fef587bc09d44ada53b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24162\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
247061d7c5542286aeddade76897f404

SHA1
7285f85440b6eff8731943b73502f58ae40e95a2

SHA256
ccb974c24ddfa7446278ca55fc8b236d0605d2caaf273db8390d1813fc70cd5b

SHA512
23ef467f6bb336d3e8c38000d30a92dac68e2662891863475ff18dbddbbbce909c12d241b86dbdea085e7d19c82cd20d80a60ffb2845f6afebedf06507afe5bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24162\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
bdd63ea2508c27b43e6d52b10da16915

SHA1
2a379a1ac406f70002f200e1af4fed95b62e7cb8

SHA256
7d4252ab1b79c5801b58a08ce16efd3b30d8235733028e5823f3709bd0a98bcf

SHA512
b0393f0d2eb2173766238d2139ae7dea7a456606f7cb1b0e8bc0375a405bc25d28ef1c804802dddb5c3dbd88cfd047bfa5c93cbb475d1d6b5a9a893b51e25128

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24162\python310.dll

Filesize
1.4MB

MD5
701e2e5d0826f378a53dc5c83164c741

SHA1
62725dbee8546a7c9751679669c4aeb829bcb5a7

SHA256
9db7ebafff20370df1ae6fc5ee98962e03fcfc02ec47abed28802191f6750dd2

SHA512
df30dfba245a64f72bcf8c478d94a9902797493ce25f266fa04a0b67ad7887c8f9253404c0425285342ae771c8a44ae414887447f14d76c696f7902933367f1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI24162\ucrtbase.dll

Filesize
959KB

MD5
34168a4af676d6a5733bbf7a0905d3c7

SHA1
ba63e51ab3cd90666eb9a9bb0232502a5ec629ff

SHA256
2ab2a74bcb5bfd8248d232eb3bc56698fb5173b9ff7fc0daf87d8120d0f448d7

SHA512
c049c166b2b00dc30b0edae5d78badfffea7fb105f0cff9f3ae2c947ddf3ecde6331855b7ebed3f4ce923cc365b053b3a679319b2c6efa85ed0b9a7ddb5676ab

Download Submit
memory/2620-790-0x000007FEF5930000-0x000007FEF5D9E000-memory.dmp

Filesize
4.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads