71cddade3c2ebf71487953513d284b53a44c899459af4cc5523955cf06f7917f

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 03:38

Target

3fcccb13d1f757adac7cfaa67e103b53.exe
Size

56KB
MD5

3fcccb13d1f757adac7cfaa67e103b53
SHA1

1c468cd7500d393fcd4321a35ad868abf95a6087
SHA256

71cddade3c2ebf71487953513d284b53a44c899459af4cc5523955cf06f7917f
SHA512

1e5fd2bc1bfe2e16213215d949fa00ad4d36ee9e418b713e685483fe322b0fe18a916fa1aeaa9d5450458fba64ce0d6683b3c1113dc892250767fea6aae872ce
SSDEEP

1536:TylGYT9p0ni9FYSuLXzAUEKtgdyWhQaJiyLS+5uE:TylpTLTFYfEKG1+avLo

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2668	3fcccb13d1f757adac7cfaa67e103b53.exe

Executes dropped EXE 1 IoCs

pid	Process
2668	3fcccb13d1f757adac7cfaa67e103b53.exe

Loads dropped DLL 1 IoCs

pid	Process
3044	3fcccb13d1f757adac7cfaa67e103b53.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3044-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x0008000000012263-10.dat	upx
behavioral1/memory/3044-12-0x0000000000180000-0x00000000001BA000-memory.dmp	upx
behavioral1/memory/2668-17-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3044	3fcccb13d1f757adac7cfaa67e103b53.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3044	3fcccb13d1f757adac7cfaa67e103b53.exe
2668	3fcccb13d1f757adac7cfaa67e103b53.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2668	3044	3fcccb13d1f757adac7cfaa67e103b53.exe	29
PID 3044 wrote to memory of 2668	3044	3fcccb13d1f757adac7cfaa67e103b53.exe	29
PID 3044 wrote to memory of 2668	3044	3fcccb13d1f757adac7cfaa67e103b53.exe	29
PID 3044 wrote to memory of 2668	3044	3fcccb13d1f757adac7cfaa67e103b53.exe	29

\Users\Admin\AppData\Local\Temp\3fcccb13d1f757adac7cfaa67e103b53.exe

Filesize
56KB

MD5
fae69c316dd358078ba868f30f518a16

SHA1
89dd19c290ce020363d5daf690ba24efbfc32197

SHA256
95f9f48a6c4aa75ff67d04ad9938be327ae87a55a635aa0e3c393d56bc6f2c4e

SHA512
ba91f82465062b8c1049a88e6b17929f8a90f517118300e175792dcc7c76a245f1e0e7b01adf61d471e4430a43f1a890863eb336ed8e04aac36f06784135ffc0

Download Submit
memory/2668-17-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2668-18-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2668-19-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/2668-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2668-26-0x0000000000310000-0x000000000032B000-memory.dmp

Filesize
108KB

Download
memory/2668-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3044-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3044-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3044-6-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/3044-12-0x0000000000180000-0x00000000001BA000-memory.dmp

Filesize
232KB

Download
memory/3044-16-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download