33f20dfe483ec72a0e96863106b41198c703699e59cd328e396677d10da23e57

Analysis

max time kernel
121s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 10:01

Target

153ab098e29844e397609b81b3e9fc04.exe
Size

1.5MB
MD5

153ab098e29844e397609b81b3e9fc04
SHA1

ec653b383a365a6b83d79b0c0385a8ef28502a84
SHA256

33f20dfe483ec72a0e96863106b41198c703699e59cd328e396677d10da23e57
SHA512

dd802c234ed7709ba22ba53c26556aab558b6bc3f6e8217d3e98aa8994826f26ab8b8a38d215fe3e4c97a8cf4ecfcf38583e92615a1c763f7199add9b83d1592
SSDEEP

24576:2nwHf23OfJIqoW5rxIL+TXf/24faZT+5Z4Va5jINthlW:g6ffJlPzRP4kpcnl

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2204	153ab098e29844e397609b81b3e9fc04.exe

Executes dropped EXE 1 IoCs

pid	Process
2204	153ab098e29844e397609b81b3e9fc04.exe

Loads dropped DLL 1 IoCs

pid	Process
1260	153ab098e29844e397609b81b3e9fc04.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1260-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/1260-15-0x00000000035C0000-0x0000000003AAF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1260	153ab098e29844e397609b81b3e9fc04.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1260	153ab098e29844e397609b81b3e9fc04.exe
2204	153ab098e29844e397609b81b3e9fc04.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 2204	1260	153ab098e29844e397609b81b3e9fc04.exe	18
PID 1260 wrote to memory of 2204	1260	153ab098e29844e397609b81b3e9fc04.exe	18
PID 1260 wrote to memory of 2204	1260	153ab098e29844e397609b81b3e9fc04.exe	18
PID 1260 wrote to memory of 2204	1260	153ab098e29844e397609b81b3e9fc04.exe	18

memory/1260-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1260-2-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/1260-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1260-15-0x00000000035C0000-0x0000000003AAF000-memory.dmp

Filesize
4.9MB

Download
memory/1260-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-19-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/2204-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2204-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2204-26-0x00000000034E0000-0x000000000370A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download