16f58521293ffe1fd10351aeeb36388d56305ba38ca65d17fc9b89e3a606ebe7

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 11:20

Target

653f71c1a5fe85909d517abe0af76f1d.exe
Size

197KB
MD5

653f71c1a5fe85909d517abe0af76f1d
SHA1

e0a00c6444ea529d36b2fc0592ca6f9c248318f8
SHA256

16f58521293ffe1fd10351aeeb36388d56305ba38ca65d17fc9b89e3a606ebe7
SHA512

4934b17ae7ab16534ea216db0055bbc0a2b7893284097e837b7ce57ba15a138a5e578d17d02e95c01742f64a3d4888ae1c0113013732be8b9ffc0ccbecaf50e0
SSDEEP

6144:Wh6a0bGLykONFe0UAevJ1LexhhsnpyXBlj:WhL9ykOdI1cupGB

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2644-0-0x0000000000400000-0x000000000043F000-memory.dmp	upx

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2644	653f71c1a5fe85909d517abe0af76f1d.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2840	2644	653f71c1a5fe85909d517abe0af76f1d.exe	28
PID 2644 wrote to memory of 2840	2644	653f71c1a5fe85909d517abe0af76f1d.exe	28
PID 2644 wrote to memory of 2840	2644	653f71c1a5fe85909d517abe0af76f1d.exe	28
PID 2644 wrote to memory of 2840	2644	653f71c1a5fe85909d517abe0af76f1d.exe	28
PID 2644 wrote to memory of 2840	2644	653f71c1a5fe85909d517abe0af76f1d.exe	28
PID 2644 wrote to memory of 2840	2644	653f71c1a5fe85909d517abe0af76f1d.exe	28
PID 2644 wrote to memory of 2840	2644	653f71c1a5fe85909d517abe0af76f1d.exe	28

memory/2644-0-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2644-1-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2644-2-0x0000000000230000-0x000000000025C000-memory.dmp

Filesize
176KB

Download
memory/2644-3-0x0000000000290000-0x00000000002A4000-memory.dmp

Filesize
80KB

Download
memory/2644-6-0x0000000000290000-0x00000000002A4000-memory.dmp

Filesize
80KB

Download
memory/2840-4-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/2840-5-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/2840-7-0x0000000000D40000-0x0000000000D48000-memory.dmp

Filesize
32KB

Download
memory/2840-8-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/2840-11-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download