39be35a600befb79eaeabbe889acd36fd6335c8a4be98acee7b4de996235c354

Analysis

max time kernel
117s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:25

Target

a20178f963069aa52050dcfe24bb95d7.exe
Size

10.6MB
MD5

a20178f963069aa52050dcfe24bb95d7
SHA1

b151631e7109044faf4d566a2d7aaf7feeec4ba1
SHA256

39be35a600befb79eaeabbe889acd36fd6335c8a4be98acee7b4de996235c354
SHA512

58327dd1f9fc908584e9d4be5aa7880aa24234f494c9e987ee4727d72991d79d9ddbdd17b43bc1d504225443137e7eabd30fa9106910b78bcaf1ce691cfbf849
SSDEEP

196608:OrZGsO1cHo2gdw1xHo2gd1J0MAckNHo2gdw1xHo2gdD:OrpW2bc2M0Wkm2bc2M

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2076	a20178f963069aa52050dcfe24bb95d7.exe

Executes dropped EXE 1 IoCs

pid	Process
2076	a20178f963069aa52050dcfe24bb95d7.exe

Loads dropped DLL 1 IoCs

pid	Process
2672	a20178f963069aa52050dcfe24bb95d7.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2672-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x0008000000012287-10.dat	upx
behavioral1/files/0x0008000000012287-14.dat	upx
behavioral1/memory/2076-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2672	a20178f963069aa52050dcfe24bb95d7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2672	a20178f963069aa52050dcfe24bb95d7.exe
2076	a20178f963069aa52050dcfe24bb95d7.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2076	2672	a20178f963069aa52050dcfe24bb95d7.exe	28
PID 2672 wrote to memory of 2076	2672	a20178f963069aa52050dcfe24bb95d7.exe	28
PID 2672 wrote to memory of 2076	2672	a20178f963069aa52050dcfe24bb95d7.exe	28
PID 2672 wrote to memory of 2076	2672	a20178f963069aa52050dcfe24bb95d7.exe	28

\Users\Admin\AppData\Local\Temp\a20178f963069aa52050dcfe24bb95d7.exe

Filesize
103KB

MD5
4f9e78168f614931d94634c37cf990c8

SHA1
23e3c6045b16359ae91c02fce93a02a45899b39a

SHA256
15a9840ff7ed4a21df939dc747a9f336de5658996eabe4a93f608b2382c5f771

SHA512
e18be3673aad79f5ea8096638ecd5ea28466e61bd24f41fe10c5677abcb6bf64e51b007813f5356158eab3d847dac44ccff617c42806c66b10174f92e38872e0

Download Submit
memory/2076-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2076-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2076-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2076-24-0x0000000003580000-0x00000000037A2000-memory.dmp

Filesize
2.1MB

Download
memory/2076-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2076-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2672-2-0x0000000000130000-0x0000000000261000-memory.dmp

Filesize
1.2MB

Download
memory/2672-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2672-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2672-15-0x00000000048D0000-0x0000000004DB7000-memory.dmp

Filesize
4.9MB

Download
memory/2672-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download