85dd86b519eea14485fd9ed45fc45297db9eba39d8c5d98a02193ae24ad646fc

Analysis

max time kernel
10s
max time network
156s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 20:14

Target

4c5b7b359c7c53a296f58b03b28d257c.exe
Size

133KB
MD5

4c5b7b359c7c53a296f58b03b28d257c
SHA1

c1870eb60017ae29b92ef0d847c492a997f93f3c
SHA256

85dd86b519eea14485fd9ed45fc45297db9eba39d8c5d98a02193ae24ad646fc
SHA512

9274cfbc47cf014a76328cfddbbac10ff333c59158061c789247d7cf654e5b71a216467b55c128aa83e5ebbe7d13d5aadee5799172df8247a14d2ce76ba9e89f
SSDEEP

3072:XSrRtHZMRKoo8HhQVrFnNLBtK1Alpd6rKcrSXhYafQ:iP5MIqh2pntBJlpdGrSXhdQ

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1888	4c5b7b359c7c53a296f58b03b28d257c.exe

Executes dropped EXE 1 IoCs

pid	Process
1888	4c5b7b359c7c53a296f58b03b28d257c.exe

Loads dropped DLL 1 IoCs

pid	Process
3060	4c5b7b359c7c53a296f58b03b28d257c.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/files/0x000c000000013138-11.dat	upx
behavioral1/memory/3060-0-0x0000000000400000-0x0000000000486000-memory.dmp	upx
behavioral1/files/0x000c000000013138-16.dat	upx
behavioral1/memory/3060-15-0x0000000000340000-0x00000000003C6000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3060	4c5b7b359c7c53a296f58b03b28d257c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3060	4c5b7b359c7c53a296f58b03b28d257c.exe
1888	4c5b7b359c7c53a296f58b03b28d257c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 1888	3060	4c5b7b359c7c53a296f58b03b28d257c.exe	18
PID 3060 wrote to memory of 1888	3060	4c5b7b359c7c53a296f58b03b28d257c.exe	18
PID 3060 wrote to memory of 1888	3060	4c5b7b359c7c53a296f58b03b28d257c.exe	18
PID 3060 wrote to memory of 1888	3060	4c5b7b359c7c53a296f58b03b28d257c.exe	18

\Users\Admin\AppData\Local\Temp\4c5b7b359c7c53a296f58b03b28d257c.exe

Filesize
3KB

MD5
8ede8e863924e76ec19880a12f912f87

SHA1
aa9d25999a286604e72a96492284c844b8e6b834

SHA256
75f3c404cb7f4b674f01ef5914041633760cfc1997f1299743db28b19cdb9fce

SHA512
25e2ca7a6a654e50846bf0909c91c7c3575230354c43f9558450c90fc0c6948a74402ced888f56d03642f18d6f1e2b0226d74160b4c631f03c18ee508c741200

Download Submit
memory/1888-20-0x0000000000150000-0x0000000000171000-memory.dmp

Filesize
132KB

Download
memory/1888-18-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1888-43-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/3060-4-0x00000000001E0000-0x0000000000201000-memory.dmp

Filesize
132KB

Download
memory/3060-1-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3060-0-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/3060-15-0x0000000000340000-0x00000000003C6000-memory.dmp

Filesize
536KB

Download
memory/3060-14-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download