852457279a60f982fb82b7a1eb935ec52e139d6dafff78094eb9699cd83b41a0

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 10:30

Target

1753538870ccee2f5c12e6c37412e33f.exe
Size

115KB
MD5

1753538870ccee2f5c12e6c37412e33f
SHA1

eba5e3772892283a9822f32209a12597b699654a
SHA256

852457279a60f982fb82b7a1eb935ec52e139d6dafff78094eb9699cd83b41a0
SHA512

d77ae258b64a31d882f993531ef51a9bf26a75e26b00130ec1659b3f3337cdca1ac2b6ecd00ce0def5fea10e207a017a9c4c8a090b90307fd914e932273daa48
SSDEEP

3072:g+VqGiO+d1fCHlpHxJUx60i6zYeTktn5keLZos2nB1zd:tPiLdcHlBxJIU+YeIt5k5

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2124	1753538870ccee2f5c12e6c37412e33f.exe

Executes dropped EXE 1 IoCs

pid	Process
2124	1753538870ccee2f5c12e6c37412e33f.exe

Loads dropped DLL 1 IoCs

pid	Process
2156	1753538870ccee2f5c12e6c37412e33f.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2156-0-0x0000000000400000-0x0000000000475000-memory.dmp	upx
behavioral1/files/0x0009000000012257-11.dat	upx
behavioral1/memory/2156-13-0x0000000000170000-0x00000000001E5000-memory.dmp	upx
behavioral1/memory/2124-18-0x0000000000400000-0x0000000000475000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2156	1753538870ccee2f5c12e6c37412e33f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2156	1753538870ccee2f5c12e6c37412e33f.exe
2124	1753538870ccee2f5c12e6c37412e33f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2124	2156	1753538870ccee2f5c12e6c37412e33f.exe	29
PID 2156 wrote to memory of 2124	2156	1753538870ccee2f5c12e6c37412e33f.exe	29
PID 2156 wrote to memory of 2124	2156	1753538870ccee2f5c12e6c37412e33f.exe	29
PID 2156 wrote to memory of 2124	2156	1753538870ccee2f5c12e6c37412e33f.exe	29

\Users\Admin\AppData\Local\Temp\1753538870ccee2f5c12e6c37412e33f.exe

Filesize
115KB

MD5
2fb59c46c052ea2f241464efb46bbf68

SHA1
b2e35e3d61fef11c2c339bdbf4ef5f60daba1adf

SHA256
579b1da6f1f965a9ee4fb972a154e6463fdd21d1ad0f3df3fee1f7c8970e9493

SHA512
8491fe4046b5da732062efdaf0fc08787ab17f9f15169bff265bc3d1c82ad59279cf095bd78e61dac51c45a05e219c8c23074b348effdd9a65c3fb4757bb108d

Download Submit
memory/2124-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2124-19-0x0000000000140000-0x000000000015D000-memory.dmp

Filesize
116KB

Download
memory/2124-26-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2124-31-0x0000000000170000-0x000000000018D000-memory.dmp

Filesize
116KB

Download
memory/2124-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2156-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2156-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2156-3-0x0000000000140000-0x000000000015D000-memory.dmp

Filesize
116KB

Download
memory/2156-13-0x0000000000170000-0x00000000001E5000-memory.dmp

Filesize
468KB

Download
memory/2156-16-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download