aa8e601691ed2006b45032c9ba3203fefead7a94ff6a88be813f4cceaa4f1a13

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:08

Target

2b36b25fe1bb3a0481fede9a95429b66.exe
Size

1.3MB
MD5

2b36b25fe1bb3a0481fede9a95429b66
SHA1

d2f32fe1244833369a1a90571a2e88c8305fdac2
SHA256

aa8e601691ed2006b45032c9ba3203fefead7a94ff6a88be813f4cceaa4f1a13
SHA512

cab1493b6f3ce6e4a9a2e5fc30f5778d8a0e861a7932c9588db2ef4ab9ba105c1e63657050caeb90cfb655321e077c05c19e04f0a68e28da1663bafab88e7370
SSDEEP

24576:iLwZsAgxbJCxevMWRKqK/kpO2uIYtbo0b/jHeJLkku5kHCr/63jqnR89U/AU9/9j:YUbgxr5RHcT2uIYtbo0K2yw6TSR9R9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2136	2b36b25fe1bb3a0481fede9a95429b66.exe

Executes dropped EXE 1 IoCs

pid	Process
2136	2b36b25fe1bb3a0481fede9a95429b66.exe

Loads dropped DLL 1 IoCs

pid	Process
2844	2b36b25fe1bb3a0481fede9a95429b66.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2844-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/memory/2136-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/memory/2844-14-0x00000000035D0000-0x0000000003AB7000-memory.dmp	upx
behavioral1/files/0x000a000000012243-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2844	2b36b25fe1bb3a0481fede9a95429b66.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2844	2b36b25fe1bb3a0481fede9a95429b66.exe
2136	2b36b25fe1bb3a0481fede9a95429b66.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2136	2844	2b36b25fe1bb3a0481fede9a95429b66.exe	28
PID 2844 wrote to memory of 2136	2844	2b36b25fe1bb3a0481fede9a95429b66.exe	28
PID 2844 wrote to memory of 2136	2844	2b36b25fe1bb3a0481fede9a95429b66.exe	28
PID 2844 wrote to memory of 2136	2844	2b36b25fe1bb3a0481fede9a95429b66.exe	28

memory/2136-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2136-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2136-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2136-18-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2136-19-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2136-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2844-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2844-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2844-14-0x00000000035D0000-0x0000000003AB7000-memory.dmp

Filesize
4.9MB

Download
memory/2844-13-0x0000000000780000-0x00000000008E1000-memory.dmp

Filesize
1.4MB

Download
memory/2844-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2844-1-0x0000000000270000-0x00000000003A1000-memory.dmp

Filesize
1.2MB

Download