7f616cc9509211938a88619c44e8b547030e2e8beb636caed8d0bd2d1d1e1560

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 13:07

Target

70e8892f55aba47e7c2b641f0acdebe3.exe
Size

1010KB
MD5

70e8892f55aba47e7c2b641f0acdebe3
SHA1

50f9aa230d17f8ae6b7200514907e21eb6b3f2c3
SHA256

7f616cc9509211938a88619c44e8b547030e2e8beb636caed8d0bd2d1d1e1560
SHA512

233dcb9ab8a68ba338b74a247a9f557f89c1ed5dfe7074dc79a4cd9c91126b506221aece4e6d83a38338dfa583850883d8a86d81f5117452e827d5d5cd19b55d
SSDEEP

12288:BpHfmjE/DJgij08jpjYTfm6hiYc5plDFwrilMiYTfm:DujE/DJgij08jhmfduvlB7lbmf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2156	70e8892f55aba47e7c2b641f0acdebe3.exe

Executes dropped EXE 1 IoCs

pid	Process
2156	70e8892f55aba47e7c2b641f0acdebe3.exe

Loads dropped DLL 1 IoCs

pid	Process
2204	70e8892f55aba47e7c2b641f0acdebe3.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/files/0x000a000000012263-10.dat	upx
behavioral1/memory/2204-14-0x0000000000300000-0x00000000003F1000-memory.dmp	upx
behavioral1/memory/2156-17-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2204	70e8892f55aba47e7c2b641f0acdebe3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2204	70e8892f55aba47e7c2b641f0acdebe3.exe
2156	70e8892f55aba47e7c2b641f0acdebe3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2156	2204	70e8892f55aba47e7c2b641f0acdebe3.exe	29
PID 2204 wrote to memory of 2156	2204	70e8892f55aba47e7c2b641f0acdebe3.exe	29
PID 2204 wrote to memory of 2156	2204	70e8892f55aba47e7c2b641f0acdebe3.exe	29
PID 2204 wrote to memory of 2156	2204	70e8892f55aba47e7c2b641f0acdebe3.exe	29

\Users\Admin\AppData\Local\Temp\70e8892f55aba47e7c2b641f0acdebe3.exe

Filesize
1010KB

MD5
94a7fed80b0cb40472643e94c3796b12

SHA1
f26a053693d7d8d58c0af4d1eb4012ca13bbe332

SHA256
091693a070afe210ac5c88536fb3736f7b491f7f9581b87f5f2f9947c73f1271

SHA512
965c4be96ef2e95aca6506118f41cba2bae1d148062d6363ae5e6bfae23a181aaac3c7d2e441e56e1eb550916aff63dc551ed0f59a7625fd47e32b7f77d91688

Download Submit
memory/2156-17-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2156-24-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2156-30-0x00000000002A0000-0x00000000002F0000-memory.dmp

Filesize
320KB

Download
memory/2156-19-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2156-18-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/2156-31-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2204-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2204-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2204-1-0x0000000000170000-0x00000000001A3000-memory.dmp

Filesize
204KB

Download
memory/2204-15-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2204-14-0x0000000000300000-0x00000000003F1000-memory.dmp

Filesize
964KB

Download