692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-12-2024 09:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe
Size

7.7MB
MD5

cf2fd595f2b300413b39d04295b09962
SHA1

a2d973cc7b81b03336744b453348e4567eeeb93c
SHA256

692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded
SHA512

a140cb98e703c02d89c357947d9d31244dd5050bcbf23717d195e6ebd723243bf380b228f951e0786418b3052fd7b30d3f892c2745f502601dc2b5eb4164e122
SSDEEP

196608:Xy0e8MeNTfm/pf+xk4dsTeRpmrbW3jmrS:Wcy/pWu46qRpmrbmyrS

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2856	692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe
2856	692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe
2856	692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe
2856	692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe
2856	692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe
2856	692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe
2856	692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a43f-72.dat	upx
behavioral1/memory/2856-74-0x000007FEF5680000-0x000007FEF5C68000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2856	1924	692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe	30
PID 1924 wrote to memory of 2856	1924	692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe	30
PID 1924 wrote to memory of 2856	1924	692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe	30

C:\Users\Admin\AppData\Local\Temp\692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe
"C:\Users\Admin\AppData\Local\Temp\692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Local\Temp\692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe
  "C:\Users\Admin\AppData\Local\Temp\692b7b7d17e574aa671e257d0c8e31ae9e869ea9985abbe15ac0388fe51e5ded.exe"
  2⤵
  - Loads dropped DLL
  PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI19242\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
5e2a9b9d83d943c4af82b6dc829bfe97

SHA1
22654769e7c79f1aa0e96a4c16dcb9ef865737aa

SHA256
902ffc6e350772803ac35568364005c09be5c5e5d3f18038e46e9316aed217ef

SHA512
d4a018aed49c84706038e118058832fe26d2727445bd6f4798ba9548f8afc5e746bde7a7329b0be5ddd106707983783932e7351b101cb729070b68c91c660ac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19242\api-ms-win-core-file-l2-1-0.dll

Filesize
11KB

MD5
17468cdcf52d507d7d1a740323bad663

SHA1
c647494e52d5dde86bde8d850b1a49cd17024ade

SHA256
ae7f15d92e43bfb351363d149c89a0fad8453e2b2d08fdcb4d224c535a648fa1

SHA512
fef4616c4fd1521ca500fda0fac947e96a4b89b48c98847b23f42c6e8a34073076a39bcece01f19c546d0a734a9b688948fc34d425fd1ef36dffc378335881ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19242\api-ms-win-core-localization-l1-2-0.dll

Filesize
14KB

MD5
3991a12b40096a59d48a95b54ad1c812

SHA1
464da16182fd1053f4633b29e83d9afdfc39f1e1

SHA256
2ee4d131e5492a9980efa47ae5a9e1aad3d5bccb062c26d28cb0c9559e973481

SHA512
5bfd17e39c4ff999db7f36fe2dd044df346f1ea352098b4e3033c7ff8c382d7f2897c46ad543266d72a29561b984667c8d0dc1d2a163e3fab67bbaf10ae17085

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19242\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
12KB

MD5
7922c25a9a206110d298eb1adb747dd7

SHA1
c4431817fbc6d39b6504c121a8775f174f6cb9d3

SHA256
0528474ae1b64b2ef0089b87d53d84a36b5792c381ea9459ceda87a29c5abb2a

SHA512
f90f86d6ccd18ddf292115a8a45a22248683460a8b90d371d42d5274f596bd91c4ef4b62531e00ea304cb99b239c6b7bd50d0a39db45e539649ff6622cfaa48c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19242\api-ms-win-core-timezone-l1-1-0.dll

Filesize
12KB

MD5
8e0be9b6baceb5babc308039618870e5

SHA1
515d98afb7d0c17861bc87b83d553d4e80ecf8fb

SHA256
83ea1b0e636eac733c221a4fff4ab19371d8dacb8e80fa8295d86fe72bd2942c

SHA512
b14755c0192560f3c535895d7013eb39e62f2d17a26747518828bed5a17668932e6ea60d00d9a798298cf3a391c0c48b3de23207a2b64e1e79b6f93fb5a1a249

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19242\python311.dll

Filesize
1.6MB

MD5
bb46b85029b543b70276ad8e4c238799

SHA1
123bdcd9eebcac1ec0fd2764a37e5e5476bb0c1c

SHA256
72c24e1db1ba4df791720a93ca9502d77c3738eebf8b9092a5d82aa8d80121d0

SHA512
5e993617509c1cf434938d6a467eb0494e04580ad242535a04937f7c174d429da70a6e71792fc3de69e103ffc5d9de51d29001a4df528cfffefdaa2cef4eaf31

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI19242\ucrtbase.dll

Filesize
986KB

MD5
1268674e0227fba666728f77e9ba01bd

SHA1
bfb0c3b94319d2e524a0b9246b45edbd3f90c3da

SHA256
6dada6c2ae69c792cfb3e90aac122810052d845ce875364bde885eef4f8fe9c4

SHA512
82a7956ebbd491294728ffb07f7d7effac44578bf4fb579449e129fca007271d5c211fe17e195c419c813280f2abe229fdfe805221e0325305e71ea04a361b50

Download Submit
memory/2856-74-0x000007FEF5680000-0x000007FEF5C68000-memory.dmp

Filesize
5.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads