56978255a5c5705a2d2334df2af1089690161af39a5cfbb56cf3387bf4cc2893

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 06:34

Target

59ea1321a014a480fa61cf7910c38a83.exe
Size

56KB
MD5

59ea1321a014a480fa61cf7910c38a83
SHA1

6a287567dbd8643508b37d2e5c411924a2303be6
SHA256

56978255a5c5705a2d2334df2af1089690161af39a5cfbb56cf3387bf4cc2893
SHA512

cebdcd13d2d93fb5bb59c0ee6598e8929c27318326aec1a623bc9afab5cfd3f558533b39a0b8ed2cdd26399aa180db89c3f1893c2e9f200b45e625bc05b34391
SSDEEP

1536:mkKy6hkvltHn0MJLWFqskC+BpGFeLftV:JKPkvltH/SFb2f

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2084	59ea1321a014a480fa61cf7910c38a83.exe

Executes dropped EXE 1 IoCs

pid	Process
2084	59ea1321a014a480fa61cf7910c38a83.exe

Loads dropped DLL 1 IoCs

pid	Process
1712	59ea1321a014a480fa61cf7910c38a83.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1712-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1712	59ea1321a014a480fa61cf7910c38a83.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1712	59ea1321a014a480fa61cf7910c38a83.exe
2084	59ea1321a014a480fa61cf7910c38a83.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2084	1712	59ea1321a014a480fa61cf7910c38a83.exe	16
PID 1712 wrote to memory of 2084	1712	59ea1321a014a480fa61cf7910c38a83.exe	16
PID 1712 wrote to memory of 2084	1712	59ea1321a014a480fa61cf7910c38a83.exe	16
PID 1712 wrote to memory of 2084	1712	59ea1321a014a480fa61cf7910c38a83.exe	16

memory/1712-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1712-9-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/1712-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1712-18-0x00000000001E0000-0x000000000021A000-memory.dmp

Filesize
232KB

Download
memory/1712-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1712-30-0x00000000001E0000-0x000000000021A000-memory.dmp

Filesize
232KB

Download
memory/2084-17-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2084-29-0x0000000000170000-0x000000000018B000-memory.dmp

Filesize
108KB

Download
memory/2084-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2084-20-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2084-16-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/2084-31-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download