13787ab91a2fbb2fb2492d4b36687c9b7d95051a6e6c5d25ffbf5d78cfc34481

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 13:36

Target

569a99971fc0e576b44e35a1ce0687d3.exe
Size

1.5MB
MD5

569a99971fc0e576b44e35a1ce0687d3
SHA1

2f2a1fe239b28b7f0896bbee2fe19ea8e57fb644
SHA256

13787ab91a2fbb2fb2492d4b36687c9b7d95051a6e6c5d25ffbf5d78cfc34481
SHA512

0fe79be7453ffd52d0578bd5e2d5b3d15737edd6ba142101d74ea54f3c2a4fc0f0a1a6a353becc092fbe1ff2190ef6101d1423aef9a161e24455039bdbbe5954
SSDEEP

24576:1HmW1paBmPZ9vCU2lxBHh9sWLi6P4ws4oIIin0JqeZnvsUoBrKFRW:wI5PjvC9lheW+6zs80oqvsUoE

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2236	569a99971fc0e576b44e35a1ce0687d3.exe

Executes dropped EXE 1 IoCs

pid	Process
2236	569a99971fc0e576b44e35a1ce0687d3.exe

Loads dropped DLL 1 IoCs

pid	Process
2408	569a99971fc0e576b44e35a1ce0687d3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2408-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00050000000120fb-10.dat	upx
behavioral1/memory/2408-15-0x0000000003670000-0x0000000003B5F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2408	569a99971fc0e576b44e35a1ce0687d3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2408	569a99971fc0e576b44e35a1ce0687d3.exe
2236	569a99971fc0e576b44e35a1ce0687d3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2236	2408	569a99971fc0e576b44e35a1ce0687d3.exe	28
PID 2408 wrote to memory of 2236	2408	569a99971fc0e576b44e35a1ce0687d3.exe	28
PID 2408 wrote to memory of 2236	2408	569a99971fc0e576b44e35a1ce0687d3.exe	28
PID 2408 wrote to memory of 2236	2408	569a99971fc0e576b44e35a1ce0687d3.exe	28

\Users\Admin\AppData\Local\Temp\569a99971fc0e576b44e35a1ce0687d3.exe

Filesize
1.5MB

MD5
7e130c64f962579151dd3ca013d931b0

SHA1
60da40227a9ad1f04d5bc01caa078bf96ba31ea8

SHA256
45af3642b3ab2a80792723cd6423fb4f03913e895eb4a064de646f624194302c

SHA512
bb238c8c5662595ed5e472b8cd428de69e63ffb349c76334c0958536a42967964c4600253cc805a501a3d2a8e121f5fcf5dec3e5e111472f7500ed9e1dec1a2e

Download Submit
memory/2236-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2236-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2236-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2236-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2236-25-0x0000000003420000-0x000000000364A000-memory.dmp

Filesize
2.2MB

Download
memory/2236-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2408-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2408-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2408-2-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2408-15-0x0000000003670000-0x0000000003B5F000-memory.dmp

Filesize
4.9MB

Download
memory/2408-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download