00a18aed439c65fec3ac0b8a7b3360cc64df7791b2cff3e68e4ba01f90ff4951

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 13:15

Target

539e43dd97a3341d54595329e9fbfb21.exe
Size

59KB
MD5

539e43dd97a3341d54595329e9fbfb21
SHA1

267b10b074decd98742c7e9446561ce4622c4b18
SHA256

00a18aed439c65fec3ac0b8a7b3360cc64df7791b2cff3e68e4ba01f90ff4951
SHA512

bd92d76d1135698fb07468287322c669686f121b0ec6605b027f1eef37d95aef3dda86aa2b985b55f42a7d5d106a2c713bda5660f3ecd3e8c29355489d73e2ab
SSDEEP

1536:XP7zOtlwnQCS7snKCcb+qtqSCNSbW2h1JxvLJie:Xiwnh1nRcb+6HCopdvLJie

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2400	539e43dd97a3341d54595329e9fbfb21.exe

Executes dropped EXE 1 IoCs

pid	Process
2400	539e43dd97a3341d54595329e9fbfb21.exe

Loads dropped DLL 1 IoCs

pid	Process
1868	539e43dd97a3341d54595329e9fbfb21.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1868-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral1/files/0x0008000000012222-16.dat	upx
behavioral1/memory/2400-17-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1868	539e43dd97a3341d54595329e9fbfb21.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1868	539e43dd97a3341d54595329e9fbfb21.exe
2400	539e43dd97a3341d54595329e9fbfb21.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 2400	1868	539e43dd97a3341d54595329e9fbfb21.exe	29
PID 1868 wrote to memory of 2400	1868	539e43dd97a3341d54595329e9fbfb21.exe	29
PID 1868 wrote to memory of 2400	1868	539e43dd97a3341d54595329e9fbfb21.exe	29
PID 1868 wrote to memory of 2400	1868	539e43dd97a3341d54595329e9fbfb21.exe	29

C:\Users\Admin\AppData\Local\Temp\539e43dd97a3341d54595329e9fbfb21.exe

Filesize
59KB

MD5
0b604510abaabc52cf24d74da72bcf8a

SHA1
8c41b2ef9222a0d9ea4d18decf3281a5befaab19

SHA256
cee6acb69a4288d4ab8292c5113231a9c5e1506a180abebd1e7847302db56e25

SHA512
67fa6fe4131d7e07537b9764add2ca04c745ff833e485a30bc76a72aa9dd1c8e3fb7c6ea271d35824e06e9a4f9f4924e9b5315efe3be6a5fe5c28d5b82b89cc4

Download Submit
memory/1868-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1868-1-0x0000000000030000-0x000000000003F000-memory.dmp

Filesize
60KB

Download
memory/1868-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1868-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1868-14-0x0000000000160000-0x000000000019D000-memory.dmp

Filesize
244KB

Download
memory/2400-18-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2400-17-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2400-19-0x0000000000030000-0x000000000003F000-memory.dmp

Filesize
60KB

Download
memory/2400-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2400-29-0x00000000002F0000-0x000000000030D000-memory.dmp

Filesize
116KB

Download
memory/2400-30-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download