c3fdbdf0ba5013d60d9d7de5ec5fb39e6eaa4265d364c34f3d0e462a9abf37b3

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 15:36

Target

795f94d1c089c14fd204f41cce5d0a62.exe
Size

1010KB
MD5

795f94d1c089c14fd204f41cce5d0a62
SHA1

2646a7b680a5eb05decf6e5e0655a7b7d0b11c10
SHA256

c3fdbdf0ba5013d60d9d7de5ec5fb39e6eaa4265d364c34f3d0e462a9abf37b3
SHA512

cc8e10c9b135232fcd0dd0688390e2f44bbb5d72926d6843958a634940129e97343992c21ec63fcf4caa020984f19a3b112c003e9fd0762f5170aae97a2bbdf5
SSDEEP

12288:1mBNbj9y3awsnqYTfm6hiYc5plDFwrilMiYTfm:1gbhy3a9nqmfduvlB7lbmf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2240	795f94d1c089c14fd204f41cce5d0a62.exe

Executes dropped EXE 1 IoCs

pid	Process
2240	795f94d1c089c14fd204f41cce5d0a62.exe

Loads dropped DLL 1 IoCs

pid	Process
2124	795f94d1c089c14fd204f41cce5d0a62.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2124-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral1/files/0x000a000000012255-10.dat	upx
behavioral1/memory/2124-15-0x0000000002E40000-0x0000000002F31000-memory.dmp	upx
behavioral1/memory/2240-17-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2124	795f94d1c089c14fd204f41cce5d0a62.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2124	795f94d1c089c14fd204f41cce5d0a62.exe
2240	795f94d1c089c14fd204f41cce5d0a62.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2240	2124	795f94d1c089c14fd204f41cce5d0a62.exe	29
PID 2124 wrote to memory of 2240	2124	795f94d1c089c14fd204f41cce5d0a62.exe	29
PID 2124 wrote to memory of 2240	2124	795f94d1c089c14fd204f41cce5d0a62.exe	29
PID 2124 wrote to memory of 2240	2124	795f94d1c089c14fd204f41cce5d0a62.exe	29

\Users\Admin\AppData\Local\Temp\795f94d1c089c14fd204f41cce5d0a62.exe

Filesize
1010KB

MD5
41f0933ad13f3f630520dd0ce03e4c4b

SHA1
9273621295a82191ab79ac6f17baf6130c687e70

SHA256
f33aab3eca36518b9c44be179ad15e36b9d2ca73157513c8fd61881ac8d91adc

SHA512
0ca33ee239ea1877adb810f6d5dafa8aa482fc795c49ca575243b81a4c01f64b992c93b1efe3f5a2deb339648809b501aa1bdadc121b702b0736e68e07bbdf6c

Download Submit
memory/2124-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2124-1-0x0000000000330000-0x0000000000363000-memory.dmp

Filesize
204KB

Download
memory/2124-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2124-15-0x0000000002E40000-0x0000000002F31000-memory.dmp

Filesize
964KB

Download
memory/2124-14-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2240-17-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2240-19-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2240-30-0x00000000003B0000-0x0000000000400000-memory.dmp

Filesize
320KB

Download
memory/2240-24-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2240-18-0x00000000000B0000-0x00000000000E3000-memory.dmp

Filesize
204KB

Download
memory/2240-31-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download