154f5c4071cc2c1d664564063c15fa90297356ae66e0ae758b47d0c11a1972a2

Analysis

max time kernel
0s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 20:13

Target

101c2bd1e509b7862c64987482990432.exe
Size

227KB
MD5

101c2bd1e509b7862c64987482990432
SHA1

1dbeaccf1e0d2753643432611b61b689ba2d6539
SHA256

154f5c4071cc2c1d664564063c15fa90297356ae66e0ae758b47d0c11a1972a2
SHA512

dc497493bd49728ce106d364af4e6e91c49089a42f425f0b560a6cbbc1e2014ae90c1ae87f065193fa3dbd9bffbff4151d3d3eae74a91d6465ab91cc429f928c
SSDEEP

6144:KifApVMqplDf/h5O/lBC8+2hyDRlX7llrnz2P4t8oSRVdk:9fk6kDqHw2hmxlrz2HoSRc

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2376-43-0x00000000028D0000-0x000000000296E000-memory.dmp	upx
behavioral1/memory/2696-47-0x00000000000C0000-0x000000000015E000-memory.dmp	upx
behavioral1/memory/2376-0-0x00000000000C0000-0x000000000015E000-memory.dmp	upx
behavioral1/memory/2376-135-0x00000000000C0000-0x000000000015E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2300	2376	101c2bd1e509b7862c64987482990432.exe	18
PID 2376 wrote to memory of 2300	2376	101c2bd1e509b7862c64987482990432.exe	18
PID 2376 wrote to memory of 2300	2376	101c2bd1e509b7862c64987482990432.exe	18
PID 2376 wrote to memory of 2300	2376	101c2bd1e509b7862c64987482990432.exe	18

C:\Users\Admin\AppData\Local\Temp\101c2bd1e509b7862c64987482990432.exe
"C:\Users\Admin\AppData\Local\Temp\101c2bd1e509b7862c64987482990432.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\SysWOW64\cscript.exe
  cscript //NoLogo C:\Users\Admin\AppData\Local\Temp\hd.vbs
  2⤵
  PID:2300
- C:\Users\Admin\AppData\Local\Temp\101C2B~1.EXE
  "C:\Users\Admin\AppData\Local\Temp\101C2B~1.EXE" /asService /logPath "C:\Users\Admin\AppData\Local\Temp\ZonaInstall.log"
  2⤵
  PID:2696

memory/2376-43-0x00000000028D0000-0x000000000296E000-memory.dmp

Filesize
632KB

Download
memory/2376-44-0x00000000028D0000-0x000000000296E000-memory.dmp

Filesize
632KB

Download
memory/2376-0-0x00000000000C0000-0x000000000015E000-memory.dmp

Filesize
632KB

Download
memory/2376-135-0x00000000000C0000-0x000000000015E000-memory.dmp

Filesize
632KB

Download
memory/2696-47-0x00000000000C0000-0x000000000015E000-memory.dmp

Filesize
632KB

Download