4710c579e5e06e66073a67738fcf9bfd216864509c7e03270f40c7311d0425fe

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/01/2024, 22:42

Target

3f36e8740da739d0e698abf67e775798.exe
Size

26KB
MD5

3f36e8740da739d0e698abf67e775798
SHA1

adcd1e56970840e101fcf4e2094acbb902cb8877
SHA256

4710c579e5e06e66073a67738fcf9bfd216864509c7e03270f40c7311d0425fe
SHA512

285fda3a664d58cb46534e071681eedd7937b8bc91b5fdccb6c9dd706604c322906c6a86518d1a390c60c5248e9bb60fe45a4bc8f60a587377d558567175f6f7
SSDEEP

768:d3VIGQV6AJUNh3CTb1Xw6NkOz2Nx1lJkkh8Uzm:d3urpJUNFc5ExvC7

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1104	svchost.exe

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe	svchost.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe	svchost.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2236-0-0x0000000000400000-0x0000000000414000-memory.dmp	upx
behavioral1/files/0x000c000000012243-10.dat	upx

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
2236	3f36e8740da739d0e698abf67e775798.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 1104	2236	3f36e8740da739d0e698abf67e775798.exe	28
PID 2236 wrote to memory of 1104	2236	3f36e8740da739d0e698abf67e775798.exe	28
PID 2236 wrote to memory of 1104	2236	3f36e8740da739d0e698abf67e775798.exe	28
PID 2236 wrote to memory of 1104	2236	3f36e8740da739d0e698abf67e775798.exe	28

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dxdiag.exe

Filesize
26KB

MD5
3f36e8740da739d0e698abf67e775798

SHA1
adcd1e56970840e101fcf4e2094acbb902cb8877

SHA256
4710c579e5e06e66073a67738fcf9bfd216864509c7e03270f40c7311d0425fe

SHA512
285fda3a664d58cb46534e071681eedd7937b8bc91b5fdccb6c9dd706604c322906c6a86518d1a390c60c5248e9bb60fe45a4bc8f60a587377d558567175f6f7

Download Submit
memory/1104-8-0x0000000000080000-0x0000000000082000-memory.dmp

Filesize
8KB

Download
memory/1104-5-0x0000000000080000-0x0000000000082000-memory.dmp

Filesize
8KB

Download
memory/1104-56-0x0000000000080000-0x0000000000082000-memory.dmp

Filesize
8KB

Download
memory/2236-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2236-1-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/2236-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2236-3-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2236-50-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download