2983709273ad0c20a0c34e65f6a6eb3837d47b351e081897e3535b497ee1483d

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 22:31

Target

1e87bfde7636ae49d9bba1111da512e2.exe
Size

2.9MB
MD5

1e87bfde7636ae49d9bba1111da512e2
SHA1

30d16e57c67d19bdefb7eca8ef2bd3074bb89b17
SHA256

2983709273ad0c20a0c34e65f6a6eb3837d47b351e081897e3535b497ee1483d
SHA512

0e404581325a7b9de0d919205bcd007cfdaa23d9a250816691cd6d130e240e75db93e036c166ba07479954703058394bca2b00f898fdb23bf4666f63777f805e
SSDEEP

49152:SPLeMUQuJ6/lXuPKmK8Am4X+yd/XGg83KPNA6UxMzhbF2dXvantheBpAlGN:SPLJ/gPKR39dvGse+zJIiHeBpAlW

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2660	1e87bfde7636ae49d9bba1111da512e2.exe

Executes dropped EXE 1 IoCs

pid	Process
2660	1e87bfde7636ae49d9bba1111da512e2.exe

Loads dropped DLL 1 IoCs

pid	Process
2488	1e87bfde7636ae49d9bba1111da512e2.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2488-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2660-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012256-14.dat	upx
behavioral1/memory/2488-13-0x00000000037F0000-0x0000000003CDF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2488	1e87bfde7636ae49d9bba1111da512e2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2488	1e87bfde7636ae49d9bba1111da512e2.exe
2660	1e87bfde7636ae49d9bba1111da512e2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 2660	2488	1e87bfde7636ae49d9bba1111da512e2.exe	18
PID 2488 wrote to memory of 2660	2488	1e87bfde7636ae49d9bba1111da512e2.exe	18
PID 2488 wrote to memory of 2660	2488	1e87bfde7636ae49d9bba1111da512e2.exe	18
PID 2488 wrote to memory of 2660	2488	1e87bfde7636ae49d9bba1111da512e2.exe	18

C:\Users\Admin\AppData\Local\Temp\1e87bfde7636ae49d9bba1111da512e2.exe

Filesize
16KB

MD5
ccf2611c397577b362527863b4f8d7a1

SHA1
95a8b7418dab681f4860b78405c50609628d0dd0

SHA256
baa6f9796ef577a25d84535f1f019cc585d6f006deef8d73ab97d1a52ef0bf64

SHA512
873e66e13bee76ca463414533b63df4a1b588f32f3cabbe84ebfeb70e1e980e77fb5ec392260e8ee9bcac5641929c42689a00d32a5d3580079c351e64332a346

Download Submit
memory/2488-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2488-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2488-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2488-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2488-13-0x00000000037F0000-0x0000000003CDF000-memory.dmp

Filesize
4.9MB

Download
memory/2660-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2660-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2660-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2660-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2660-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2660-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download