0a62db95264abf035e276a3cf3cf30969456543c39caf43367bb79c8045f45fa

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 04:50

Target

0f0ff38cb163632603dd1e15514a5610.exe
Size

1.5MB
MD5

0f0ff38cb163632603dd1e15514a5610
SHA1

23652411a11f366f62f1cb229b7b05ee9383c724
SHA256

0a62db95264abf035e276a3cf3cf30969456543c39caf43367bb79c8045f45fa
SHA512

f589a772683683e948bf29f88262ca4f33ca8379eca5b647ee2171582c81d8504475ba2fe92ad14356fc0b16397cc44a5b3e7e2d5293c36d767275cdf236e39c
SSDEEP

24576:eNnxuTG7ei8wOlna3Jt3zV0vErfc+j/C8+K7l5/TbRYhE7W:+xuTGyqO8zSvifcIDv55H

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2344	0f0ff38cb163632603dd1e15514a5610.exe

Executes dropped EXE 1 IoCs

pid	Process
2344	0f0ff38cb163632603dd1e15514a5610.exe

Loads dropped DLL 1 IoCs

pid	Process
2192	0f0ff38cb163632603dd1e15514a5610.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2192-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2192-14-0x0000000003610000-0x0000000003AFF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2192	0f0ff38cb163632603dd1e15514a5610.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2192	0f0ff38cb163632603dd1e15514a5610.exe
2344	0f0ff38cb163632603dd1e15514a5610.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2344	2192	0f0ff38cb163632603dd1e15514a5610.exe	17
PID 2192 wrote to memory of 2344	2192	0f0ff38cb163632603dd1e15514a5610.exe	17
PID 2192 wrote to memory of 2344	2192	0f0ff38cb163632603dd1e15514a5610.exe	17
PID 2192 wrote to memory of 2344	2192	0f0ff38cb163632603dd1e15514a5610.exe	17

memory/2192-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2192-2-0x0000000000280000-0x00000000003B3000-memory.dmp

Filesize
1.2MB

Download
memory/2192-14-0x0000000003610000-0x0000000003AFF000-memory.dmp

Filesize
4.9MB

Download
memory/2192-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2192-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2192-31-0x0000000003610000-0x0000000003AFF000-memory.dmp

Filesize
4.9MB

Download
memory/2344-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2344-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2344-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2344-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2344-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2344-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download