792aae4352d73717bf51021665b3727571fd3989734e295611e2cbe11ade668c

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:12

Target

27a81213d1580cc5ae99eaa62a6fbc8a.exe
Size

2.9MB
MD5

27a81213d1580cc5ae99eaa62a6fbc8a
SHA1

c2d542f5a1f7a35f69913c6f589bb22935b91b28
SHA256

792aae4352d73717bf51021665b3727571fd3989734e295611e2cbe11ade668c
SHA512

b83193e3cee241310369f8a0af7552f77d6f67d8e2d71286fb7913eede717f1304a23751fd96d1d710b6d60da3e962cdb8b6518aa32b30e7b29c23f71f943c7d
SSDEEP

49152:IDqo+hxhVW0L6F8nDpN74NH5HUyNRcUsCVOzetdZJ:Ij+h7U0L62Dp4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3056	27a81213d1580cc5ae99eaa62a6fbc8a.exe

Executes dropped EXE 1 IoCs

pid	Process
3056	27a81213d1580cc5ae99eaa62a6fbc8a.exe

Loads dropped DLL 1 IoCs

pid	Process
2644	27a81213d1580cc5ae99eaa62a6fbc8a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2644-2-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000900000001225c-10.dat	upx
behavioral1/memory/3056-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2644	27a81213d1580cc5ae99eaa62a6fbc8a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2644	27a81213d1580cc5ae99eaa62a6fbc8a.exe
3056	27a81213d1580cc5ae99eaa62a6fbc8a.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 3056	2644	27a81213d1580cc5ae99eaa62a6fbc8a.exe	28
PID 2644 wrote to memory of 3056	2644	27a81213d1580cc5ae99eaa62a6fbc8a.exe	28
PID 2644 wrote to memory of 3056	2644	27a81213d1580cc5ae99eaa62a6fbc8a.exe	28
PID 2644 wrote to memory of 3056	2644	27a81213d1580cc5ae99eaa62a6fbc8a.exe	28

\Users\Admin\AppData\Local\Temp\27a81213d1580cc5ae99eaa62a6fbc8a.exe

Filesize
2.9MB

MD5
ae4369fab04635ef1e19ef7e6da98ec5

SHA1
b5ffa378f34abe4e77fc243b2c489f80a7df37b9

SHA256
ad31c625724a2757483d6a4f283e1cde46eb19acfda2da646fb450b0fbd79700

SHA512
a5d2ce0c06e5b8eb726c788ac48ff700f63c729d6d5a180b31180ab5b52660706fc5661387c625bbd51c57f8f1fed4da1dc1107711fdf59f557d83b886292a61

Download Submit
memory/2644-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2644-2-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2644-4-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/2644-15-0x00000000038A0000-0x0000000003D8F000-memory.dmp

Filesize
4.9MB

Download
memory/2644-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3056-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3056-18-0x0000000000250000-0x0000000000383000-memory.dmp

Filesize
1.2MB

Download
memory/3056-19-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3056-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3056-26-0x00000000034E0000-0x000000000370A000-memory.dmp

Filesize
2.2MB

Download
memory/3056-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download