123bbf72ffee76928b2ff76f6cc6ae6886037338bf081f97fd40ac3ff95489a8

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 22:59

Target

41c5272a3117496b94a25f3915fe4d39.exe
Size

59KB
MD5

41c5272a3117496b94a25f3915fe4d39
SHA1

0a90f63770d729d34de1812e4d480e5fccfec4fc
SHA256

123bbf72ffee76928b2ff76f6cc6ae6886037338bf081f97fd40ac3ff95489a8
SHA512

8cc70282d94934bac9fde678bf68a937e8ca386ccc5f0b775f0ca4231d39f1ac445ad016545c17c3d3bae0760b51cb61a3490fb913f42ede6f1ac579b3d488e9
SSDEEP

1536:mJkYAJVMMyLxsp3oV/AalaKr2rKjMi+AXHMxgi8KZ:me19q9Kuz+Ksnh

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2660	41c5272a3117496b94a25f3915fe4d39.exe

Executes dropped EXE 1 IoCs

pid	Process
2660	41c5272a3117496b94a25f3915fe4d39.exe

Loads dropped DLL 1 IoCs

pid	Process
3008	41c5272a3117496b94a25f3915fe4d39.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3008-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral1/files/0x000b00000001224d-10.dat	upx
behavioral1/memory/3008-14-0x0000000000180000-0x00000000001BD000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3008	41c5272a3117496b94a25f3915fe4d39.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3008	41c5272a3117496b94a25f3915fe4d39.exe
2660	41c5272a3117496b94a25f3915fe4d39.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 2660	3008	41c5272a3117496b94a25f3915fe4d39.exe	29
PID 3008 wrote to memory of 2660	3008	41c5272a3117496b94a25f3915fe4d39.exe	29
PID 3008 wrote to memory of 2660	3008	41c5272a3117496b94a25f3915fe4d39.exe	29
PID 3008 wrote to memory of 2660	3008	41c5272a3117496b94a25f3915fe4d39.exe	29

\Users\Admin\AppData\Local\Temp\41c5272a3117496b94a25f3915fe4d39.exe

Filesize
59KB

MD5
d10d2f3000d8d904b188fcee0c35e617

SHA1
c171975f6fbcab821f0f5fc7a360f38ef029b065

SHA256
08726b07907bf5bd3fd329b2e4f2499eb06b8d2504ca0523533fa3dd4b056a34

SHA512
8637aed88b4376632aebe48f6c17d3b6b55d8e219f0c7ff70e6eaa6f7cabf718cfb0a297619163a7bbde699fa084cf8d2795de9327da8a0c7c371b48a55df2c0

Download Submit
memory/2660-17-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2660-18-0x0000000000030000-0x000000000003F000-memory.dmp

Filesize
60KB

Download
memory/2660-19-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2660-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2660-29-0x0000000000170000-0x000000000018D000-memory.dmp

Filesize
116KB

Download
memory/2660-30-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3008-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3008-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3008-5-0x0000000000030000-0x000000000003F000-memory.dmp

Filesize
60KB

Download
memory/3008-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3008-14-0x0000000000180000-0x00000000001BD000-memory.dmp

Filesize
244KB

Download