90ac8c5f028b7c4a155723fef15f6ebded70771f42296cd6b2fe6cfde04dac05

Analysis

max time kernel
122s
max time network
233s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 13:01

Target

1950f4e0d321a05106c9904f453a4882.exe
Size

1.3MB
MD5

1950f4e0d321a05106c9904f453a4882
SHA1

fbea864551b6b49a1976e5bf8e56c3c4fe1070d9
SHA256

90ac8c5f028b7c4a155723fef15f6ebded70771f42296cd6b2fe6cfde04dac05
SHA512

5b96cbf723f74133f10f10daa1fcfd7658c1e8906d275d6775672f7dd4f3e8298a9c69b3ee48e7137d92222d8c7b5a95574efa003ff8152b7a56e06eae3e6187
SSDEEP

24576:nNqp4Un7wdqjWHbYMM255QIvsJ7kGXu1vOHF6sY5en1vG:076bzVQtJ7ruwUsY5e

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1940	1950f4e0d321a05106c9904f453a4882.exe

Executes dropped EXE 1 IoCs

pid	Process
1940	1950f4e0d321a05106c9904f453a4882.exe

Loads dropped DLL 1 IoCs

pid	Process
2632	1950f4e0d321a05106c9904f453a4882.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2632-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-11.dat	upx
behavioral1/memory/2632-13-0x0000000003510000-0x000000000397A000-memory.dmp	upx
behavioral1/memory/1940-17-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2632	1950f4e0d321a05106c9904f453a4882.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2632	1950f4e0d321a05106c9904f453a4882.exe
1940	1950f4e0d321a05106c9904f453a4882.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 1940	2632	1950f4e0d321a05106c9904f453a4882.exe	28
PID 2632 wrote to memory of 1940	2632	1950f4e0d321a05106c9904f453a4882.exe	28
PID 2632 wrote to memory of 1940	2632	1950f4e0d321a05106c9904f453a4882.exe	28
PID 2632 wrote to memory of 1940	2632	1950f4e0d321a05106c9904f453a4882.exe	28

\Users\Admin\AppData\Local\Temp\1950f4e0d321a05106c9904f453a4882.exe

Filesize
1.3MB

MD5
08d5d9c59cbeb5f444911ddf9950d5b0

SHA1
4a50873c3ff72c19a53eca8745c43ae9bd007ef9

SHA256
e4fb93a0010ec916f1179159501764e160c641df78f8196a6a8efe24f941979f

SHA512
8d1d4f3ea43dcc1386e4bb898612c901d7d6106791f5222cf3769f3e76efa14ef720725256284787b341fa0ae047d9142f6bf6ddeaa47a7559909aaf391cdf17

Download Submit
memory/1940-18-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1940-20-0x0000000000250000-0x0000000000362000-memory.dmp

Filesize
1.1MB

Download
memory/1940-17-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1940-25-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2632-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2632-1-0x0000000000280000-0x0000000000392000-memory.dmp

Filesize
1.1MB

Download
memory/2632-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2632-13-0x0000000003510000-0x000000000397A000-memory.dmp

Filesize
4.4MB

Download
memory/2632-16-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download