3ec1eb05f285a64217bc1f83ecafbdf4d2ef62fe7e37f083f1b192bc440ee098

Analysis

max time kernel
122s
max time network
144s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 02:24

Target

4c7dc06d56c085a36cf50431de28813a.exe
Size

68KB
MD5

4c7dc06d56c085a36cf50431de28813a
SHA1

72f1e251653f43c9e5f6846d4523f6fdbb47e5e1
SHA256

3ec1eb05f285a64217bc1f83ecafbdf4d2ef62fe7e37f083f1b192bc440ee098
SHA512

31605344e0c783509e4c3f39d9a6a496cf3a6531353965288c1ab82df93b658567442220074d23598c8d906ea49fa5da2eaf6a81e6c0047696c21af8ff5c4554
SSDEEP

1536:7TL6MWAfIaSVD4JXQJfXUXQFbKjTTgLvbe2r3ikerxFaiV0CmuJdr:zg+SVfsAFbKjTTgLvbrjpmgyBbdr

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2276	4c7dc06d56c085a36cf50431de28813a.exe

Executes dropped EXE 1 IoCs

pid	Process
2276	4c7dc06d56c085a36cf50431de28813a.exe

Loads dropped DLL 1 IoCs

pid	Process
2512	4c7dc06d56c085a36cf50431de28813a.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2512-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0008000000012224-10.dat	upx
behavioral1/memory/2512-12-0x0000000000170000-0x00000000001AA000-memory.dmp	upx
behavioral1/memory/2276-17-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2512	4c7dc06d56c085a36cf50431de28813a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2512	4c7dc06d56c085a36cf50431de28813a.exe
2276	4c7dc06d56c085a36cf50431de28813a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2276	2512	4c7dc06d56c085a36cf50431de28813a.exe	29
PID 2512 wrote to memory of 2276	2512	4c7dc06d56c085a36cf50431de28813a.exe	29
PID 2512 wrote to memory of 2276	2512	4c7dc06d56c085a36cf50431de28813a.exe	29
PID 2512 wrote to memory of 2276	2512	4c7dc06d56c085a36cf50431de28813a.exe	29

\Users\Admin\AppData\Local\Temp\4c7dc06d56c085a36cf50431de28813a.exe

Filesize
68KB

MD5
a196ea6d563857c037f72dd8eab618b7

SHA1
6ce6d248a7f1b38a749e20b973931164c3394abb

SHA256
75676e001c1bafabaf48c437b50f7f376e1af4c6e9f3ea0918d046e341cc654d

SHA512
adefd9139472078b36e3f869477ee6be5ac9c789b68a0d1019ae53d2887f291c884e070f2436c217783e24726bbc8ce31f4b61adf7b0f9c55a2c904a33c89b33

Download Submit
memory/2276-17-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2276-19-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2276-18-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/2276-29-0x0000000000170000-0x000000000018B000-memory.dmp

Filesize
108KB

Download
memory/2276-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2276-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2512-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2512-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2512-4-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/2512-12-0x0000000000170000-0x00000000001AA000-memory.dmp

Filesize
232KB

Download
memory/2512-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download