c789575ddfb8bfcda1695c1fa9076c8e1b252b5bc40c4b98e57f3e9d9fb62c92

Analysis

max time kernel
110s
max time network
239s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 22:32

Target

6633c193aaac9d205def4bcaac387151.exe
Size

2.9MB
MD5

6633c193aaac9d205def4bcaac387151
SHA1

da47f82d1df3b81a5f473e645fe5032e7cc74a81
SHA256

c789575ddfb8bfcda1695c1fa9076c8e1b252b5bc40c4b98e57f3e9d9fb62c92
SHA512

4a76df31bc0196dea1e1c745317948516a139d3165ef4311bbbe8c793ad1760eb66e0a3386c4f5d8c8b12f12b006a94e98791d3640c221f1cc6713c8bab15b07
SSDEEP

49152:GFISbCdCczg8d0j81g1eZPLfP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:GFOscoYZzgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2268	6633c193aaac9d205def4bcaac387151.exe

Executes dropped EXE 1 IoCs

pid	Process
2268	6633c193aaac9d205def4bcaac387151.exe

Loads dropped DLL 1 IoCs

pid	Process
2624	6633c193aaac9d205def4bcaac387151.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2624-1-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-10.dat	upx
behavioral1/memory/2268-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2624	6633c193aaac9d205def4bcaac387151.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2624	6633c193aaac9d205def4bcaac387151.exe
2268	6633c193aaac9d205def4bcaac387151.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2624 wrote to memory of 2268	2624	6633c193aaac9d205def4bcaac387151.exe	29
PID 2624 wrote to memory of 2268	2624	6633c193aaac9d205def4bcaac387151.exe	29
PID 2624 wrote to memory of 2268	2624	6633c193aaac9d205def4bcaac387151.exe	29
PID 2624 wrote to memory of 2268	2624	6633c193aaac9d205def4bcaac387151.exe	29

\Users\Admin\AppData\Local\Temp\6633c193aaac9d205def4bcaac387151.exe

Filesize
2.9MB

MD5
d4c7ef6dde72bea138af9565cb37aebb

SHA1
cc6dc04f26fc75f715c6346b1ccd3d69645f7b48

SHA256
9049a6e15057120c51ae673c68bcc7fd439242e7509e37581dc649cd15ceb7ff

SHA512
130c474353312ad0d80c4600310a2a2d9df329bad49a1b59f24d74c224d9f5514af9248689eb89bae18b2f7b10e85b3a3c00e926c7066d38483477fb0b7c153f

Download Submit
memory/2268-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2268-18-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2268-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2268-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2268-25-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2268-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2624-0-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2624-1-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2624-3-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2624-12-0x0000000003940000-0x0000000003E2F000-memory.dmp

Filesize
4.9MB

Download
memory/2624-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download