3947da3f6396cc14fd47521312ad46d5afd93b711c05f1f2952e3f691a3e795b

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 01:09

Target

48188d02df997cc3856af968280206e2.exe
Size

353KB
MD5

48188d02df997cc3856af968280206e2
SHA1

4571de51678ed4403d378bb48a05ba5e05fe99e8
SHA256

3947da3f6396cc14fd47521312ad46d5afd93b711c05f1f2952e3f691a3e795b
SHA512

0f4de1848d20cbb655e92721e5647f9fe9e68ef2a69fa40d1828f9fcd7b9d1b867dff3ee1085e2d2c39593b2c9d9857f99c6113053c10b00d7bda08a790fa648
SSDEEP

6144:Y8TVl/60L6dxJfnITw7zKivUhIYE+1Xjq9YdxfsLPrPwo+:Y8/y0L6dxVa/hIYEoTq9YTfmE

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2764	48188d02df997cc3856af968280206e2.exe

Executes dropped EXE 1 IoCs

pid	Process
2764	48188d02df997cc3856af968280206e2.exe

Loads dropped DLL 1 IoCs

pid	Process
2384	48188d02df997cc3856af968280206e2.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2384-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/files/0x000a00000001225a-10.dat	upx
behavioral1/files/0x000a00000001225a-16.dat	upx
behavioral1/memory/2764-17-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/memory/2384-15-0x0000000002E80000-0x0000000002F71000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2384	48188d02df997cc3856af968280206e2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2384	48188d02df997cc3856af968280206e2.exe
2764	48188d02df997cc3856af968280206e2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2764	2384	48188d02df997cc3856af968280206e2.exe	29
PID 2384 wrote to memory of 2764	2384	48188d02df997cc3856af968280206e2.exe	29
PID 2384 wrote to memory of 2764	2384	48188d02df997cc3856af968280206e2.exe	29
PID 2384 wrote to memory of 2764	2384	48188d02df997cc3856af968280206e2.exe	29

\Users\Admin\AppData\Local\Temp\48188d02df997cc3856af968280206e2.exe

Filesize
96KB

MD5
ee25936ae3e97b6e05b6e205a01a4b13

SHA1
efae8bf094bd48a195e364032f10f336ac739385

SHA256
9a3714dea738c6c7254d3f15700183d371e790baeef7c1256b3a19c6128d9cb7

SHA512
20f4360f5c600ed74ffebc67af43489fff2712e04bb267351f6338ee466c1199048ef0cc20d976844414a7e01a318ea067510c8da8a3ac895d0f251e764ae9a2

Download Submit
memory/2384-15-0x0000000002E80000-0x0000000002F71000-memory.dmp

Filesize
964KB

Download
memory/2384-1-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2384-3-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/2384-14-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2384-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2764-24-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2764-18-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2764-17-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2764-30-0x0000000000450000-0x00000000004A0000-memory.dmp

Filesize
320KB

Download
memory/2764-19-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/2764-31-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download