d89ffc159e654e55966d0363bd4cfb2e1910b7f8724ef11815162712f79f691a

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 08:17

Target

5f263c4522701ebeb990b85f3da22229.exe
Size

353KB
MD5

5f263c4522701ebeb990b85f3da22229
SHA1

8c04b1dfc541a3a012bfdf60157ef9c7088513e3
SHA256

d89ffc159e654e55966d0363bd4cfb2e1910b7f8724ef11815162712f79f691a
SHA512

1c553056d590393ee32c1bd76b144e2d713fb975f89c8d563e23983e481c755e8bb4fc115fc87c429dba7a4871de4c2b2faaab8605319fea875ae2fbb953c913
SSDEEP

6144:TCCmIrPiSrceClr5tWSIb4g1OZl+dUMAADe5uAejfZnCLFYdxfsLPrPwo+:fmIripJHtW3vYWwQeJYALFYTfmE

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2732	5f263c4522701ebeb990b85f3da22229.exe

Executes dropped EXE 1 IoCs

pid	Process
2732	5f263c4522701ebeb990b85f3da22229.exe

Loads dropped DLL 1 IoCs

pid	Process
2012	5f263c4522701ebeb990b85f3da22229.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2012-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/files/0x000b000000012242-14.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2012	5f263c4522701ebeb990b85f3da22229.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2012	5f263c4522701ebeb990b85f3da22229.exe
2732	5f263c4522701ebeb990b85f3da22229.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 2732	2012	5f263c4522701ebeb990b85f3da22229.exe	14
PID 2012 wrote to memory of 2732	2012	5f263c4522701ebeb990b85f3da22229.exe	14
PID 2012 wrote to memory of 2732	2012	5f263c4522701ebeb990b85f3da22229.exe	14
PID 2012 wrote to memory of 2732	2012	5f263c4522701ebeb990b85f3da22229.exe	14

C:\Users\Admin\AppData\Local\Temp\5f263c4522701ebeb990b85f3da22229.exe

Filesize
353KB

MD5
496b00dd12ccbc6db34ce4dec0900269

SHA1
f05bf88131fc0faeccdc149c7f14ab9e70f93136

SHA256
4b18c4cf94c69be76a279ec5b25105de1e5042c6423d58f25d986baca2f5ebd5

SHA512
8ce439cad0e242e93551e9353e1cde62d9465678eba9ae91bd5deb56e14e6d4360c41fc1614d6008bd887a602bf50b8483b1143f12d0c2693604bdf3a3e40c6e

Download Submit
memory/2012-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2012-6-0x0000000000120000-0x0000000000153000-memory.dmp

Filesize
204KB

Download
memory/2012-1-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2012-18-0x0000000002D30000-0x0000000002E21000-memory.dmp

Filesize
964KB

Download
memory/2012-15-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2732-17-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2732-20-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2732-30-0x00000000003B0000-0x0000000000400000-memory.dmp

Filesize
320KB

Download
memory/2732-24-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2732-16-0x00000000001F0000-0x0000000000223000-memory.dmp

Filesize
204KB

Download
memory/2732-31-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download