b0291b412037b2bbd5cb9f4061921da26d5d44140fc8d07af17d1e1d11a217ee

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 12:24

Target

186f96aa4ca26c3ff72afebecada3294.exe
Size

245KB
MD5

186f96aa4ca26c3ff72afebecada3294
SHA1

ed85ef0d110a970c7b0d066b4fca48e9a8e04616
SHA256

b0291b412037b2bbd5cb9f4061921da26d5d44140fc8d07af17d1e1d11a217ee
SHA512

d6fdcb1f9a90c821f8a6b996fc8798b4b1f35316f44ddf5143de9aa688c8f7dcfc70cdeb7fd15866b9d3f35f3d738e9edb965e3b60bb26ec184fd86af2b34c4b
SSDEEP

3072:blN9RkkkkkkTLJ0Y6LFKab6lN9RkkkkkkTLJ0Y6LFy24ERCd2:5dkkkkkkZ6ZXAdkkkkkkZ6Zt

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2212-0-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/memory/2212-1-0x0000000000400000-0x0000000000423000-memory.dmp	upx
behavioral1/files/0x00080000000167c9-7.dat	upx
behavioral1/memory/2212-18-0x0000000000400000-0x0000000000423000-memory.dmp	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\SJoAAQtmd.com	186f96aa4ca26c3ff72afebecada3294.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File created	C:\Windows\win32dc\BattleField 1942(nocd).exe	186f96aa4ca26c3ff72afebecada3294.exe
File opened for modification	C:\Windows\win32dc\BattleField 1942(nocd).exe	186f96aa4ca26c3ff72afebecada3294.exe
File created	C:\Windows\win32dc\Half-Life 2 crack.exe	186f96aa4ca26c3ff72afebecada3294.exe
File created	C:\Windows\win32dc\Quake3_trainer.exe	186f96aa4ca26c3ff72afebecada3294.exe
File opened for modification	C:\Windows\win32dc\UT2004_serial.exe	186f96aa4ca26c3ff72afebecada3294.exe
File opened for modification	C:\Windows\win32dc\FlatOut trainer.exe	186f96aa4ca26c3ff72afebecada3294.exe
File opened for modification	C:\Windows\win32dc\Half-Life 2 crack.exe	186f96aa4ca26c3ff72afebecada3294.exe
File created	C:\Windows\win32dc\DAoC(nocd).exe	186f96aa4ca26c3ff72afebecada3294.exe
File created	C:\Windows\win32dc\Quake3_cdfix.exe	186f96aa4ca26c3ff72afebecada3294.exe
File opened for modification	C:\Windows\win32dc\BattleField 1942 patch.exe	186f96aa4ca26c3ff72afebecada3294.exe
File created	C:\Windows\win32dc\FlatOut trainer.exe	186f96aa4ca26c3ff72afebecada3294.exe
File created	C:\Windows\win32dc\Doom 3 + serial.exe	186f96aa4ca26c3ff72afebecada3294.exe
File created	C:\Windows\win32dc\DAoC_fix.exe	186f96aa4ca26c3ff72afebecada3294.exe
File created	C:\Windows\win32dc\BattleField 1942 patch.exe	186f96aa4ca26c3ff72afebecada3294.exe
File created	C:\Windows\win32dc\UT2004_serial.exe	186f96aa4ca26c3ff72afebecada3294.exe

C:\Windows\win32dc\UT2004_serial.exe

Filesize
245KB

MD5
71166177da7c8d35e7dd6ca1dbd4f2e3

SHA1
e9f92defdae8cfe7ea28a8cc0abcd35d4bb15f46

SHA256
62b0b3bc7087bb3e188c86b0afde1020e200f4192e6fe183c8396c4ec6d849c9

SHA512
7650310ce52f76e5e72c1491fd9f3e28f8a683ee76aff3763f1fe76992fabb5cc663174884564be7fde04fcb84ba0d3a3912b793987be06074011aaa4ba9af81

Download Submit
memory/2212-0-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2212-1-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2212-18-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download