7ac70fd7dad21f2091048f427c1b0255df00943a78a2babca7ab7c017514f29e

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 17:04

Target

7ee0cba9c4fd234fd0b411e32e24735b.exe
Size

115KB
MD5

7ee0cba9c4fd234fd0b411e32e24735b
SHA1

7a0817b88b030f9f37c2c563b940edc3af5ef2e5
SHA256

7ac70fd7dad21f2091048f427c1b0255df00943a78a2babca7ab7c017514f29e
SHA512

ab20c80f493d696b298e834db0726e3c2cb3d2ba6d2e5519634532d9c239ab0ea9ecfb80640574fabccc3c358f74c457de60977e1a161a023d0b09edfb679045
SSDEEP

3072:3NzO7Er+WRY21x4p7JvPV3LbxKrUmS1SqPsc9vFv4DRtp:3NzmfWRY2SL7VKrUXPscfvORj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2812	7ee0cba9c4fd234fd0b411e32e24735b.exe

Executes dropped EXE 1 IoCs

pid	Process
2812	7ee0cba9c4fd234fd0b411e32e24735b.exe

Loads dropped DLL 1 IoCs

pid	Process
2332	7ee0cba9c4fd234fd0b411e32e24735b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2332-0-0x0000000000400000-0x0000000000475000-memory.dmp	upx
behavioral1/memory/2812-18-0x0000000000400000-0x0000000000475000-memory.dmp	upx
behavioral1/memory/2332-16-0x0000000000170000-0x00000000001E5000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2332	7ee0cba9c4fd234fd0b411e32e24735b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2332	7ee0cba9c4fd234fd0b411e32e24735b.exe
2812	7ee0cba9c4fd234fd0b411e32e24735b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2812	2332	7ee0cba9c4fd234fd0b411e32e24735b.exe	15
PID 2332 wrote to memory of 2812	2332	7ee0cba9c4fd234fd0b411e32e24735b.exe	15
PID 2332 wrote to memory of 2812	2332	7ee0cba9c4fd234fd0b411e32e24735b.exe	15
PID 2332 wrote to memory of 2812	2332	7ee0cba9c4fd234fd0b411e32e24735b.exe	15

memory/2332-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2332-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2332-1-0x0000000000140000-0x000000000015D000-memory.dmp

Filesize
116KB

Download
memory/2332-16-0x0000000000170000-0x00000000001E5000-memory.dmp

Filesize
468KB

Download
memory/2332-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2812-18-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/2812-31-0x00000000002F0000-0x000000000030D000-memory.dmp

Filesize
116KB

Download
memory/2812-26-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2812-20-0x00000000002C0000-0x00000000002DD000-memory.dmp

Filesize
116KB

Download
memory/2812-32-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download