7ac70fd7dad21f2091048f427c1b0255df00943a78a2babca7ab7c017514f29e

Analysis

max time kernel
92s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 17:04

Target

7ee0cba9c4fd234fd0b411e32e24735b.exe
Size

115KB
MD5

7ee0cba9c4fd234fd0b411e32e24735b
SHA1

7a0817b88b030f9f37c2c563b940edc3af5ef2e5
SHA256

7ac70fd7dad21f2091048f427c1b0255df00943a78a2babca7ab7c017514f29e
SHA512

ab20c80f493d696b298e834db0726e3c2cb3d2ba6d2e5519634532d9c239ab0ea9ecfb80640574fabccc3c358f74c457de60977e1a161a023d0b09edfb679045
SSDEEP

3072:3NzO7Er+WRY21x4p7JvPV3LbxKrUmS1SqPsc9vFv4DRtp:3NzmfWRY2SL7VKrUXPscfvORj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1948	7ee0cba9c4fd234fd0b411e32e24735b.exe

Executes dropped EXE 1 IoCs

pid	Process
1948	7ee0cba9c4fd234fd0b411e32e24735b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1936-0-0x0000000000400000-0x0000000000475000-memory.dmp	upx
behavioral2/memory/1948-14-0x0000000000400000-0x0000000000475000-memory.dmp	upx
behavioral2/files/0x00080000000231f9-13.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1936	7ee0cba9c4fd234fd0b411e32e24735b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1936	7ee0cba9c4fd234fd0b411e32e24735b.exe
1948	7ee0cba9c4fd234fd0b411e32e24735b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 1948	1936	7ee0cba9c4fd234fd0b411e32e24735b.exe	20
PID 1936 wrote to memory of 1948	1936	7ee0cba9c4fd234fd0b411e32e24735b.exe	20
PID 1936 wrote to memory of 1948	1936	7ee0cba9c4fd234fd0b411e32e24735b.exe	20

C:\Users\Admin\AppData\Local\Temp\7ee0cba9c4fd234fd0b411e32e24735b.exe

Filesize
67KB

MD5
42789d93895289a4098fdd11eea5e500

SHA1
5dbb5a7d0b36bc4972399966ef962fc3d719cdc1

SHA256
8bc5dfa7f891428b224ab60e81fb853111e313dc2048c04a4bc2c1c3a331aa46

SHA512
a9185a8755d66a9a9c474b8e71d292bde0722a2a8ddeee7405f5cf4ac816c50a31be1f13620c096aa0c46e3526a95867add5f066d4463eca72a5c871363bf06b

Download Submit
memory/1936-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1936-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1936-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1936-1-0x00000000001B0000-0x00000000001CD000-memory.dmp

Filesize
116KB

Download
memory/1948-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1948-28-0x00000000014B0000-0x00000000014CD000-memory.dmp

Filesize
116KB

Download
memory/1948-20-0x0000000000190000-0x00000000001AD000-memory.dmp

Filesize
116KB

Download
memory/1948-14-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/1948-29-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download