e2f214c142ef4a533343cbb95e1a2d77d2a146cd3b63962287983d8217b2dd95

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 18:58

Target

363b8ae96e44647d60ef0a185f8a7563.exe
Size

17KB
MD5

363b8ae96e44647d60ef0a185f8a7563
SHA1

79da7c2b898db86a167f47e20210e722322738e6
SHA256

e2f214c142ef4a533343cbb95e1a2d77d2a146cd3b63962287983d8217b2dd95
SHA512

cf2fe0a228604e1f03b0ff849dd146e80e97fd5fe78dcdb4b6d081da00b54becf89edee76daba4edd3f0e45b56c52652a1f40aa8ac55f121c6ec280f9f15b668
SSDEEP

384:QtOIUDiupeKI1LytHMCq7YrXl6wzQiKxXNovMaNJawcudoD7Uu7:QkI2iupXWL6sCq8lpze9ovFnbcuyD7U

Score

8^/10

upx

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	cmd.exe

Loads dropped DLL 1 IoCs

pid	Process
2212	363b8ae96e44647d60ef0a185f8a7563.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2212-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2212-21-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 1320	2212	363b8ae96e44647d60ef0a185f8a7563.exe	29
PID 2212 wrote to memory of 1320	2212	363b8ae96e44647d60ef0a185f8a7563.exe	29
PID 2212 wrote to memory of 1320	2212	363b8ae96e44647d60ef0a185f8a7563.exe	29
PID 2212 wrote to memory of 1320	2212	363b8ae96e44647d60ef0a185f8a7563.exe	29

C:\Users\Admin\AppData\Local\Temp\363b8ae96e44647d60ef0a185f8a7563.exe
"C:\Users\Admin\AppData\Local\Temp\363b8ae96e44647d60ef0a185f8a7563.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\404B.tmp\gldo.bat""
  2⤵
  - Drops file in Drivers directory
  PID:1320

C:\Users\Admin\AppData\Local\Temp\404B.tmp\gldo.bat

Filesize
264B

MD5
7aab960898497f3b9f83fe2b1ee6a0f8

SHA1
e5d6fba7980571c6ceb1cc39b38023ee98e0a993

SHA256
0adfddcad3696f7412e6b3a304076f9469f075cdb400140c4d7ea828b997b3d1

SHA512
e08aba68bfe81002e492e2dbd5de0dde7dd42b5aae679cb8771f9b9238f7aa171bd1f0d1bfec067f0b8359ab95037e2259b405bfbf6a4de663cc55af39470158

Download Submit
\Users\Admin\AppData\Local\Temp\404B.tmp\b2e.dll

Filesize
31KB

MD5
7b860f28be19d4aef761fb991134a556

SHA1
0658a7456d0234dcca598b6ee599fe134d0ecd61

SHA256
57a2586d73188a694944c7da60c78380f82fac46452ed1a31c818ceb93e660bc

SHA512
a0685a25cbc3fff74aa4ad538ade5282242980f07fe1171e01644e0fa98e1ec6adc87b943290983f6fb5070d26fc15d697ae31a1f570e83e504ae1e4508aefa5

Download Submit
memory/2212-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2212-21-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download