41c021cee11a14eb5613d1d335403eb77fa322e5814b9f18b12dec4b153385f3

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:58

Target

2b336705c3824abfff0ef33d72da2198.exe
Size

139KB
MD5

2b336705c3824abfff0ef33d72da2198
SHA1

46bd6fc0664971ecdc8ce690f6c97603708bf68e
SHA256

41c021cee11a14eb5613d1d335403eb77fa322e5814b9f18b12dec4b153385f3
SHA512

75d814e6b978b9a13c17b57454e132afa2ed52a6273a75e6cf6972e6e29176b61d65eea1c54637b66cc71bab79040cc084e2ab7bcd9b0de8aaac105c319bcfe1
SSDEEP

3072:R5grzWpvh6qgJMxJKDdBRRAhpdvxG2QHhsbh4gs7Nh9ZdcKAouhjK:R5nwhDvYS2t4gshv4/oy2

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1848-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1848	2b336705c3824abfff0ef33d72da2198.exe

C:\Users\Admin\AppData\Local\Temp\2b336705c3824abfff0ef33d72da2198.exe
"C:\Users\Admin\AppData\Local\Temp\2b336705c3824abfff0ef33d72da2198.exe"
1⤵
- Suspicious behavior: RenamesItself
PID:1848

memory/1848-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1848-1-0x0000000000230000-0x0000000000244000-memory.dmp

Filesize
80KB

Download
memory/1848-3-0x0000000000250000-0x0000000000252000-memory.dmp

Filesize
8KB

Download
memory/1848-2-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1848-4-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/1848-7-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download