52de77c2dbd3a26cc5115f2da3db6575b793954dd9fd4c45345510b68aa7ddab

Analysis

max time kernel
148s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 09:10

Target

6289c1808db5dfef5196f705b57f73ce.exe
Size

104KB
MD5

6289c1808db5dfef5196f705b57f73ce
SHA1

f7f1e36e37a856d6be46472715e44ff05aac3f2c
SHA256

52de77c2dbd3a26cc5115f2da3db6575b793954dd9fd4c45345510b68aa7ddab
SHA512

24e84d751177d348e024592b3dff7afa2c9c1367c5efcb5c03e1ec64ea6146a4ce0f8c1a8bfa8ead4220a839b75ac31b5624df2597f4d1d632d5b056f5664b6f
SSDEEP

3072:PJGtgVl6+iYRpYU8npxRH3zzkZ6VQS5Soi:PJGeSEGU8p3HY6VQgFi

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2076-0-0x0000000000400000-0x0000000000422000-memory.dmp	upx

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2076	6289c1808db5dfef5196f705b57f73ce.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2928	2076	6289c1808db5dfef5196f705b57f73ce.exe	14
PID 2076 wrote to memory of 2928	2076	6289c1808db5dfef5196f705b57f73ce.exe	14
PID 2076 wrote to memory of 2928	2076	6289c1808db5dfef5196f705b57f73ce.exe	14
PID 2076 wrote to memory of 2928	2076	6289c1808db5dfef5196f705b57f73ce.exe	14
PID 2076 wrote to memory of 2928	2076	6289c1808db5dfef5196f705b57f73ce.exe	14
PID 2076 wrote to memory of 2928	2076	6289c1808db5dfef5196f705b57f73ce.exe	14
PID 2076 wrote to memory of 2928	2076	6289c1808db5dfef5196f705b57f73ce.exe	14

memory/2076-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2076-5-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2076-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2076-1-0x00000000001B0000-0x00000000001B2000-memory.dmp

Filesize
8KB

Download
memory/2928-3-0x00000000000C0000-0x00000000000C9000-memory.dmp

Filesize
36KB

Download
memory/2928-6-0x00000000000C0000-0x00000000000C9000-memory.dmp

Filesize
36KB

Download
memory/2928-4-0x00000000000C0000-0x00000000000C9000-memory.dmp

Filesize
36KB

Download
memory/2928-9-0x00000000000C0000-0x00000000000C9000-memory.dmp

Filesize
36KB

Download