9c33cae0902db3d436e73a362696460a647f945cf41ff0e13a4d6c4aa5467682

Analysis

max time kernel
118s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:48

Target

389dafccd85e67ec9a9537e1ebe474e3.exe
Size

22KB
MD5

389dafccd85e67ec9a9537e1ebe474e3
SHA1

a5f364f152e4ecae6b12f0b61d190f5b62681c15
SHA256

9c33cae0902db3d436e73a362696460a647f945cf41ff0e13a4d6c4aa5467682
SHA512

707a9f6c0de70d969047e8b6a73689c8605d65d01afcc0eb022116f55b8e9d6d9ce1c05737d1983304d906dc440a25fd333520de799f6aeffb397380e5c4a08e
SSDEEP

384:L7wst2otvRU56W1MtrZWuuE9WRnV+GD6BGoEGZ7iZcPy9k3salYDPrDOi6k/Fg:L7bt2yRU53atrZWfnV+lhRKMsa4HO3k/

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2708	svchost.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2244-0-0x0000000000400000-0x0000000000415000-memory.dmp	upx

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2244	389dafccd85e67ec9a9537e1ebe474e3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2708	2244	389dafccd85e67ec9a9537e1ebe474e3.exe	27
PID 2244 wrote to memory of 2708	2244	389dafccd85e67ec9a9537e1ebe474e3.exe	27
PID 2244 wrote to memory of 2708	2244	389dafccd85e67ec9a9537e1ebe474e3.exe	27
PID 2244 wrote to memory of 2708	2244	389dafccd85e67ec9a9537e1ebe474e3.exe	27

C:\Users\Admin\AppData\Local\Temp\389dafccd85e67ec9a9537e1ebe474e3.exe
"C:\Users\Admin\AppData\Local\Temp\389dafccd85e67ec9a9537e1ebe474e3.exe"
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  - Deletes itself
  PID:2708

memory/2244-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2244-1-0x0000000000220000-0x0000000000223000-memory.dmp

Filesize
12KB

Download
memory/2244-3-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2244-2-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/2708-4-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2708-5-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download