27035770b0d5e09e47ea323d3ca656481fa4b56891bd701d2c4a35b379e67191

Analysis

max time kernel
126s
max time network
275s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 13:00

Target

509f3270f290efb02fbfbaf80c94be2c.exe
Size

1.5MB
MD5

509f3270f290efb02fbfbaf80c94be2c
SHA1

f7ea28e812f2438d9cb71af388de1e30841e5d06
SHA256

27035770b0d5e09e47ea323d3ca656481fa4b56891bd701d2c4a35b379e67191
SHA512

ccacf033962176cecfc67ef80fde5d0ef597390ba24121d34458169ba667cbd0bbfd8b302ee180d249c6c4a7ea8cfe8f18a2e2b089afea8c50950a0127f05dab
SSDEEP

24576:i35JYJiz5yRYZoknwpV6VHCqRgNXuoXU7nqaUEl0MZEDwJWQmwFScjuU1vHoFGcj:6YJO5mIovn+HzCtjaZU3MZowJTmwFjjJ

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2128	509f3270f290efb02fbfbaf80c94be2c.exe

Executes dropped EXE 1 IoCs

pid	Process
2128	509f3270f290efb02fbfbaf80c94be2c.exe

Loads dropped DLL 1 IoCs

pid	Process
840	509f3270f290efb02fbfbaf80c94be2c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/840-3-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-10.dat	upx
behavioral1/memory/2128-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
840	509f3270f290efb02fbfbaf80c94be2c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
840	509f3270f290efb02fbfbaf80c94be2c.exe
2128	509f3270f290efb02fbfbaf80c94be2c.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 840 wrote to memory of 2128	840	509f3270f290efb02fbfbaf80c94be2c.exe	27
PID 840 wrote to memory of 2128	840	509f3270f290efb02fbfbaf80c94be2c.exe	27
PID 840 wrote to memory of 2128	840	509f3270f290efb02fbfbaf80c94be2c.exe	27
PID 840 wrote to memory of 2128	840	509f3270f290efb02fbfbaf80c94be2c.exe	27

\Users\Admin\AppData\Local\Temp\509f3270f290efb02fbfbaf80c94be2c.exe

Filesize
1.5MB

MD5
f45c496cb6c03179a5526faedaf83b6d

SHA1
fd5782248945eb2cfe1b0e2d3878aad0c7aba5a2

SHA256
d482d007846c641eb237718ca32dbc7b89ec170099e9768c275f20f2148728f4

SHA512
25f616d2f21f9711ed6f1dda4753f63f3ba2cf516666d0187e85a8a264462b15742d44a507b33bbadb52380f5b32417c628bde1843d8f39c44fd924985674ee5

Download Submit
memory/840-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/840-3-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/840-5-0x00000000002B0000-0x00000000003E3000-memory.dmp

Filesize
1.2MB

Download
memory/840-12-0x00000000037D0000-0x0000000003CBF000-memory.dmp

Filesize
4.9MB

Download
memory/840-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2128-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2128-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2128-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2128-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2128-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2128-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download