2ce9a90e60dd3bb1f34d3aca94091d6ff24573979fc9e24562b2801e2355c220

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 02:22

Target

4c859588cb2daf6b5a199a1633c40d3b.exe
Size

59KB
MD5

4c859588cb2daf6b5a199a1633c40d3b
SHA1

0d42e57caf5cbbc65560eb9a451b86ac4fb1f297
SHA256

2ce9a90e60dd3bb1f34d3aca94091d6ff24573979fc9e24562b2801e2355c220
SHA512

e3de6ff238c034e83e7a371f5f99d7240d6d0132bf8662e7114a8dae66f4b998732764ce37d5a866d07d211b4d9be07ae15ae05376c6d0cc7a426ff6a232ff35
SSDEEP

1536:VMrautTvD2wKmd8IRRlfYrfm+gdqBU1tT9DJXISE08Q:VM1dbZdjRI7HlqISERQ

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2164	4c859588cb2daf6b5a199a1633c40d3b.exe

Executes dropped EXE 1 IoCs

pid	Process
2164	4c859588cb2daf6b5a199a1633c40d3b.exe

Loads dropped DLL 1 IoCs

pid	Process
824	4c859588cb2daf6b5a199a1633c40d3b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/824-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral1/files/0x000c0000000122f0-10.dat	upx
behavioral1/memory/824-14-0x00000000001E0000-0x000000000021D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
824	4c859588cb2daf6b5a199a1633c40d3b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
824	4c859588cb2daf6b5a199a1633c40d3b.exe
2164	4c859588cb2daf6b5a199a1633c40d3b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 2164	824	4c859588cb2daf6b5a199a1633c40d3b.exe	29
PID 824 wrote to memory of 2164	824	4c859588cb2daf6b5a199a1633c40d3b.exe	29
PID 824 wrote to memory of 2164	824	4c859588cb2daf6b5a199a1633c40d3b.exe	29
PID 824 wrote to memory of 2164	824	4c859588cb2daf6b5a199a1633c40d3b.exe	29

\Users\Admin\AppData\Local\Temp\4c859588cb2daf6b5a199a1633c40d3b.exe

Filesize
59KB

MD5
2e0a9184610c8ee276396b240d98a9fe

SHA1
333518bb43e4f7cf78a21597ca6092269cd5f72d

SHA256
1372cc98504c3279a9ee8e305809468502d59231f7a73ac8d0bc19d957dc00e8

SHA512
d6cc8a7b0e494ee67c2c72da570a4aaad894c488c07edbace66c8eb5fb3f30b30159d3176910d8fe474bd37f089987f821da26c2cca03c749b6c588cb27c76be

Download Submit
memory/824-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/824-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/824-6-0x0000000000030000-0x000000000003F000-memory.dmp

Filesize
60KB

Download
memory/824-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/824-14-0x00000000001E0000-0x000000000021D000-memory.dmp

Filesize
244KB

Download
memory/2164-17-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2164-18-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2164-29-0x00000000002F0000-0x000000000030D000-memory.dmp

Filesize
116KB

Download
memory/2164-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2164-20-0x0000000000030000-0x000000000003F000-memory.dmp

Filesize
60KB

Download
memory/2164-30-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download