9c9b861dfd9e32a5d07b0b36813a8b59a9deb83e93721286b4ee832176b640bc

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
15-01-2024 00:27

Target

5ba66840ec7228428e34643a521150b6.exe
Size

138KB
MD5

5ba66840ec7228428e34643a521150b6
SHA1

b4dc955ed8eefd68d40bdb57e605a18200e8a0c8
SHA256

9c9b861dfd9e32a5d07b0b36813a8b59a9deb83e93721286b4ee832176b640bc
SHA512

8ff0b529d6bdcd25fb90e5a12d6055fc7065c6fe908a35765ebddffbb3c426c618a52b9bd8758bcf9c810f10cdc1d0ea124127830dad9021f455c142e8716da9
SSDEEP

3072:TErnCDPkmx1yD0HRfJWgHc3K3lZHT/H2Wsjmm:orGFxEDiRhn83K3beWsjm

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2116-0-0x0000000000400000-0x0000000000436000-memory.dmp	upx

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2116	5ba66840ec7228428e34643a521150b6.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 3044	2116	5ba66840ec7228428e34643a521150b6.exe	28
PID 2116 wrote to memory of 3044	2116	5ba66840ec7228428e34643a521150b6.exe	28
PID 2116 wrote to memory of 3044	2116	5ba66840ec7228428e34643a521150b6.exe	28
PID 2116 wrote to memory of 3044	2116	5ba66840ec7228428e34643a521150b6.exe	28
PID 2116 wrote to memory of 3044	2116	5ba66840ec7228428e34643a521150b6.exe	28
PID 2116 wrote to memory of 3044	2116	5ba66840ec7228428e34643a521150b6.exe	28
PID 2116 wrote to memory of 3044	2116	5ba66840ec7228428e34643a521150b6.exe	28

memory/2116-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2116-2-0x00000000001B0000-0x00000000001B2000-memory.dmp

Filesize
8KB

Download
memory/2116-3-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2116-6-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3044-4-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/3044-5-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/3044-7-0x0000000000410000-0x0000000000418000-memory.dmp

Filesize
32KB

Download
memory/3044-8-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/3044-11-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download