466a17debd0806933d3b85a39966129117461ef86a8a92571890420e09a94360

Analysis

max time kernel
119s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:57

Target

1ac16713ab51e9891479fe07f058c634.exe
Size

2.7MB
MD5

1ac16713ab51e9891479fe07f058c634
SHA1

5ae7123d7a32d3104da16e7a4e417365e6f641ae
SHA256

466a17debd0806933d3b85a39966129117461ef86a8a92571890420e09a94360
SHA512

fb8f000cead4e5494789aa6314c8dd097e6c432d6176bdff34bfdb743b022ac2c0c99793476e27a7ec2aba0baaf429e02b54626406427f96336c3df203df3e0b
SSDEEP

49152:Ie8VJraqgAQ6b75VfRaKyGleg4TwXoFouy5tR9D66sg+Av8TWaK5l8dAFk1R9j:Ie8jraob7DprXCsYgtHuR2v8TWaK5CdV

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2460	1ac16713ab51e9891479fe07f058c634.exe

Executes dropped EXE 1 IoCs

pid	Process
2460	1ac16713ab51e9891479fe07f058c634.exe

Loads dropped DLL 1 IoCs

pid	Process
2100	1ac16713ab51e9891479fe07f058c634.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2100-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x000a000000012022-10.dat	upx
behavioral1/memory/2460-16-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2100	1ac16713ab51e9891479fe07f058c634.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2100	1ac16713ab51e9891479fe07f058c634.exe
2460	1ac16713ab51e9891479fe07f058c634.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2460	2100	1ac16713ab51e9891479fe07f058c634.exe	28
PID 2100 wrote to memory of 2460	2100	1ac16713ab51e9891479fe07f058c634.exe	28
PID 2100 wrote to memory of 2460	2100	1ac16713ab51e9891479fe07f058c634.exe	28
PID 2100 wrote to memory of 2460	2100	1ac16713ab51e9891479fe07f058c634.exe	28

\Users\Admin\AppData\Local\Temp\1ac16713ab51e9891479fe07f058c634.exe

Filesize
2.7MB

MD5
6185c8b72ea530891b7f129e533961ab

SHA1
35246d70042350c9bfa356b6ce0e5b44a0144ad9

SHA256
a6e9e487703a7e12cc65eb5de203918851f241a5b26857efd3036b51e4f70be0

SHA512
82a74ee309035ac6dbed59f5062abf2465cd27c5b69bb015bba0401d92f724ae47b6ddf0400460c972506cdd410df75ed7aa93392970122b7fd5c9a540904c67

Download Submit
memory/2100-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2100-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2100-2-0x0000000000290000-0x00000000003C1000-memory.dmp

Filesize
1.2MB

Download
memory/2100-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2100-13-0x0000000003870000-0x0000000003D57000-memory.dmp

Filesize
4.9MB

Download
memory/2460-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2460-18-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2460-17-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2460-24-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2460-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2460-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download