d7d23da16c6bbb3cbc3464cefb2bf301740cc1d363857be8575b88ee181f6398

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:57

Target

1938bb0bd4aa8fabe96ae9d05e8af77a.exe
Size

425KB
MD5

1938bb0bd4aa8fabe96ae9d05e8af77a
SHA1

082ded80ba584b74019d34cc7e7e84402fb147a5
SHA256

d7d23da16c6bbb3cbc3464cefb2bf301740cc1d363857be8575b88ee181f6398
SHA512

628603abc192a565c26eda57d81d6df5a4caf2408b11fc029bb9841551cf301697b04b00e6e5b38fecf6e0dcf36d68851cae0c70995271900ccec7cf1bb8ceeb
SSDEEP

12288:48pdol8FF3V/F7W/8E+wmpeu6my6O9WyvcnpG:Vfol8Zl+swNIy6O1k

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
1288	SACH0ST.exe

Loads dropped DLL 2 IoCs

pid	Process
2964	1938bb0bd4aa8fabe96ae9d05e8af77a.exe
2964	1938bb0bd4aa8fabe96ae9d05e8af77a.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2964-14-0x0000000000400000-0x000000000052E000-memory.dmp	upx
behavioral1/memory/1288-13-0x0000000000400000-0x000000000052E000-memory.dmp	upx
behavioral1/memory/1288-12-0x0000000000400000-0x000000000052E000-memory.dmp	upx
behavioral1/memory/2964-0-0x0000000000400000-0x000000000052E000-memory.dmp	upx
behavioral1/memory/1288-15-0x0000000000400000-0x000000000052E000-memory.dmp	upx

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\wbem\SACH0ST.exe	1938bb0bd4aa8fabe96ae9d05e8af77a.exe
File opened for modification	C:\Windows\SysWOW64\wbem\SACH0ST.exe	1938bb0bd4aa8fabe96ae9d05e8af77a.exe
File created	C:\Windows\SysWOW64\wbem\SACH0ST.exe	SACH0ST.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 1288	2964	1938bb0bd4aa8fabe96ae9d05e8af77a.exe	16
PID 2964 wrote to memory of 1288	2964	1938bb0bd4aa8fabe96ae9d05e8af77a.exe	16
PID 2964 wrote to memory of 1288	2964	1938bb0bd4aa8fabe96ae9d05e8af77a.exe	16
PID 2964 wrote to memory of 1288	2964	1938bb0bd4aa8fabe96ae9d05e8af77a.exe	16

memory/1288-13-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/1288-12-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/1288-15-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2964-14-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2964-9-0x00000000020C0000-0x00000000021EE000-memory.dmp

Filesize
1.2MB

Download
memory/2964-1-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2964-0-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download