da81e40b2ee151af23fb6d9393c3248d4c1722b3cc287030e1ee310cdab8ec9a

Analysis

max time kernel
22s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 21:47

Target

da81e40b2ee151af23fb6d9393c3248d4c1722b3cc287030e1ee310cdab8ec9a.exe
Size

339KB
MD5

70931aeb3ee904258c26992183a47485
SHA1

88fc4933b34fd726eed5236abdc170a3ea38cc3c
SHA256

da81e40b2ee151af23fb6d9393c3248d4c1722b3cc287030e1ee310cdab8ec9a
SHA512

96d50deb981f3fa5499077d095dd4a982323ce3ad0d7bf04a34d341bfc1f37e458b91954d4ba3d6fe17ab7368e4ae68e7326c485cd567678d72f437a2d3bbb9f
SSDEEP

6144:xycPaZZd5ZbVyuJLMExvHVBwQCIVmPjAsD2QFUlijXXuiYuj7TBE:xVPOd5Zkc4yXyPr/FhX+cjPBE

Score

8^/10

upx

Executes dropped EXE 1 IoCs

Processes:

667957557541198868.exe

pid process

1952 667957557541198868.exe

pid	process
1952	667957557541198868.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/2012-57-0x0000000000400000-0x0000000000418000-memory.dmp	upx

Loads dropped DLL 1 IoCs

Processes:

da81e40b2ee151af23fb6d9393c3248d4c1722b3cc287030e1ee310cdab8ec9a.exe

pid process

2012 da81e40b2ee151af23fb6d9393c3248d4c1722b3cc287030e1ee310cdab8ec9a.exe

pid	process
2012	da81e40b2ee151af23fb6d9393c3248d4c1722b3cc287030e1ee310cdab8ec9a.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

da81e40b2ee151af23fb6d9393c3248d4c1722b3cc287030e1ee310cdab8ec9a.exe

description	pid	process	target process
PID 2012 wrote to memory of 1952	2012	da81e40b2ee151af23fb6d9393c3248d4c1722b3cc287030e1ee310cdab8ec9a.exe	667957557541198868.exe
PID 2012 wrote to memory of 1952	2012	da81e40b2ee151af23fb6d9393c3248d4c1722b3cc287030e1ee310cdab8ec9a.exe	667957557541198868.exe
PID 2012 wrote to memory of 1952	2012	da81e40b2ee151af23fb6d9393c3248d4c1722b3cc287030e1ee310cdab8ec9a.exe	667957557541198868.exe
PID 2012 wrote to memory of 1952	2012	da81e40b2ee151af23fb6d9393c3248d4c1722b3cc287030e1ee310cdab8ec9a.exe	667957557541198868.exe

C:\Users\Admin\AppData\Local\Temp\se_133869533\667957557541198868.exe
"C:\Users\Admin\AppData\Local\Temp\se_133869533\667957557541198868.exe"
2⤵
- Executes dropped EXE
PID:1952

C:\Users\Admin\AppData\Local\Temp\se_133869533\667957557541198868.exe
Filesize
488KB

MD5
cd370c2a2b7d4f6239dd338eae273113

SHA1
b42e6645b89a7cc4ac42d343c9dd170ac81a65c1

SHA256
a1da5ac48f8a8038f475434dddfd82e9c4675a66ef8062eb7914fbe80b9943e0

SHA512
056d93c2ec257e4ac2ee84bf2a67e48316cec916eebed228f9c03720bacc885de22b5922676a38606638655c6445a55b8faa0c97f4e1b929fa01c6637e82629a

Download Submit
\Users\Admin\AppData\Local\Temp\se_133869533\667957557541198868.exe
Filesize
488KB

MD5
cd370c2a2b7d4f6239dd338eae273113

SHA1
b42e6645b89a7cc4ac42d343c9dd170ac81a65c1

SHA256
a1da5ac48f8a8038f475434dddfd82e9c4675a66ef8062eb7914fbe80b9943e0

SHA512
056d93c2ec257e4ac2ee84bf2a67e48316cec916eebed228f9c03720bacc885de22b5922676a38606638655c6445a55b8faa0c97f4e1b929fa01c6637e82629a

Download Submit
memory/1952-55-0x0000000000000000-mapping.dmp

Download
memory/2012-57-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download