8133f24dd3e4face5b10d0f9d6747ef7b3852a9dc7a4465afb7e855a1b92b259

Analysis

max time kernel
120s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 01:59

Target

0aea7ef3eb6aeb00a645af78f184ea7b.exe
Size

56KB
MD5

0aea7ef3eb6aeb00a645af78f184ea7b
SHA1

ef7f6dec5876f7e6bcc5995e3d293283bd16d393
SHA256

8133f24dd3e4face5b10d0f9d6747ef7b3852a9dc7a4465afb7e855a1b92b259
SHA512

34e720694018bfd923deadba24fafc2540239432a5b3840b73ccb92762c5f751cb058bc290e383c2492b807e0967b17e1b05092c0eff6d704e61b016f2fece8f
SSDEEP

1536:9jO9pCKfS6T1iGaogy4GElsIXzF9erWcCA6r:Q9pCAiGVKGzIX5cL6

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2832	0aea7ef3eb6aeb00a645af78f184ea7b.exe

Executes dropped EXE 1 IoCs

pid	Process
2832	0aea7ef3eb6aeb00a645af78f184ea7b.exe

Loads dropped DLL 1 IoCs

pid	Process
2716	0aea7ef3eb6aeb00a645af78f184ea7b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2716-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000b000000012267-10.dat	upx
behavioral1/memory/2832-17-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2716	0aea7ef3eb6aeb00a645af78f184ea7b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2716	0aea7ef3eb6aeb00a645af78f184ea7b.exe
2832	0aea7ef3eb6aeb00a645af78f184ea7b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2832	2716	0aea7ef3eb6aeb00a645af78f184ea7b.exe	28
PID 2716 wrote to memory of 2832	2716	0aea7ef3eb6aeb00a645af78f184ea7b.exe	28
PID 2716 wrote to memory of 2832	2716	0aea7ef3eb6aeb00a645af78f184ea7b.exe	28
PID 2716 wrote to memory of 2832	2716	0aea7ef3eb6aeb00a645af78f184ea7b.exe	28

\Users\Admin\AppData\Local\Temp\0aea7ef3eb6aeb00a645af78f184ea7b.exe

Filesize
56KB

MD5
47a97ccd440a42dd89c1382247249a62

SHA1
e675bfbf29dcafe5bbb43a8fbfc7d529ef5a265c

SHA256
ca336c94761829c823a229ca6b448f9e2a51908ec6be6348cede6b4d070af418

SHA512
4723939f790d8d3e28c5e4d9ae0c275db6d7778aa07cf9f6cf6e00a16463d881ae6f25a89f41c7618725ecfe8f670fd657dae94686c85fb9596a243ba3a7f299

Download Submit
memory/2716-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2716-1-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/2716-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2716-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2716-14-0x00000000002E0000-0x000000000031A000-memory.dmp

Filesize
232KB

Download
memory/2832-18-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2832-17-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2832-20-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/2832-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2832-29-0x0000000000170000-0x000000000018B000-memory.dmp

Filesize
108KB

Download
memory/2832-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download