05f3c61c8ef01eec11c70e772bdcce7079cb2ae7aada9ebdcbf73f9505022626

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 13:50

Target

38b2eca13553190ac120dfc15b341aab.exe
Size

1.5MB
MD5

38b2eca13553190ac120dfc15b341aab
SHA1

9ce646efb4921c96017d1aca50a4294d3efa4297
SHA256

05f3c61c8ef01eec11c70e772bdcce7079cb2ae7aada9ebdcbf73f9505022626
SHA512

d2387e7424da2118f4f3b28f40836cba43f2f542b9a520fddf757b51a8ee7b7c4e81785a70cc486e16c8000a48b7f6b68271904534ca1f64f1dba945b7beba2b
SSDEEP

24576:fLLa8po5D2eP4tAZze7RkuOPQi+C3X5VN7x30FlbxN9aHvLMk5CJAfCloBDwW:/M5D2KZgkuOIE5VUPYgk5CgC4Dw

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2900	38b2eca13553190ac120dfc15b341aab.exe

Executes dropped EXE 1 IoCs

pid	Process
2900	38b2eca13553190ac120dfc15b341aab.exe

Loads dropped DLL 1 IoCs

pid	Process
1672	38b2eca13553190ac120dfc15b341aab.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2900-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0009000000014395-10.dat	upx
behavioral1/memory/1672-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1672	38b2eca13553190ac120dfc15b341aab.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1672	38b2eca13553190ac120dfc15b341aab.exe
2900	38b2eca13553190ac120dfc15b341aab.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 2900	1672	38b2eca13553190ac120dfc15b341aab.exe	18
PID 1672 wrote to memory of 2900	1672	38b2eca13553190ac120dfc15b341aab.exe	18
PID 1672 wrote to memory of 2900	1672	38b2eca13553190ac120dfc15b341aab.exe	18
PID 1672 wrote to memory of 2900	1672	38b2eca13553190ac120dfc15b341aab.exe	18

memory/1672-15-0x0000000003750000-0x0000000003C3F000-memory.dmp

Filesize
4.9MB

Download
memory/1672-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1672-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1672-2-0x0000000000230000-0x0000000000363000-memory.dmp

Filesize
1.2MB

Download
memory/1672-31-0x0000000003750000-0x0000000003C3F000-memory.dmp

Filesize
4.9MB

Download
memory/1672-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2900-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2900-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2900-26-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2900-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2900-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2900-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download