6d15dd98bd82cb73b5653d38ab12054485fd6b5d8072c1062f3a253570749d5d

Analysis

max time kernel
120s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:34

Target

2a30ca4573dd86b58163c684d28ea603.exe
Size

1.3MB
MD5

2a30ca4573dd86b58163c684d28ea603
SHA1

8a82e1bb1a5efec08015ecbe47b417c7ff1de07c
SHA256

6d15dd98bd82cb73b5653d38ab12054485fd6b5d8072c1062f3a253570749d5d
SHA512

255bbd3258d027b0b18855fafa28334e5a43fb5108ab731528e358627a4fb8d72dba08e33414918fe3224b1279ef6af98a3e48735963412f284eebe0f7172c10
SSDEEP

24576:myRG8EsC0xz9Ge7LYTpUjIj6A1GqNAbcIq8u2bgEI2vG:HobfCzsC2GatSg

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2360	2a30ca4573dd86b58163c684d28ea603.exe

Executes dropped EXE 1 IoCs

pid	Process
2360	2a30ca4573dd86b58163c684d28ea603.exe

Loads dropped DLL 1 IoCs

pid	Process
2128	2a30ca4573dd86b58163c684d28ea603.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2128-1-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000900000001225b-11.dat	upx
behavioral1/files/0x000900000001225b-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2128	2a30ca4573dd86b58163c684d28ea603.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2128	2a30ca4573dd86b58163c684d28ea603.exe
2360	2a30ca4573dd86b58163c684d28ea603.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2360	2128	2a30ca4573dd86b58163c684d28ea603.exe	28
PID 2128 wrote to memory of 2360	2128	2a30ca4573dd86b58163c684d28ea603.exe	28
PID 2128 wrote to memory of 2360	2128	2a30ca4573dd86b58163c684d28ea603.exe	28
PID 2128 wrote to memory of 2360	2128	2a30ca4573dd86b58163c684d28ea603.exe	28

\Users\Admin\AppData\Local\Temp\2a30ca4573dd86b58163c684d28ea603.exe

Filesize
576KB

MD5
c17284fdbc9aa0c9e178ccf06b5dcd87

SHA1
35db33fc5c07fccebdd4e2cec5337b7a2c8f41f9

SHA256
39b19c801add85dcb17b7ba4778493b54f55634901b0319723b43f6495b180ac

SHA512
e0e42b7843e99a32d84723de3cfc7eff43b9d8d4adfcf219d613a18efc7ef4b5c9d53239c100c3c91959326a9ace0dbfee9f0bf2c000574e5f2f94775cd07fb0

Download Submit
memory/2128-0-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2128-1-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2128-3-0x0000000000290000-0x00000000003A2000-memory.dmp

Filesize
1.1MB

Download
memory/2128-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2128-16-0x0000000003520000-0x000000000398A000-memory.dmp

Filesize
4.4MB

Download
memory/2360-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2360-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2360-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2360-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download