f867f05176f145e7898ae6c3adcc2814402a7352721902f80daacf834e40599b

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:47

Target

75214418c602052280a7fd4373d53091.exe
Size

1.3MB
MD5

75214418c602052280a7fd4373d53091
SHA1

0000e3e02778e2bd0a1eee340977f67a395146be
SHA256

f867f05176f145e7898ae6c3adcc2814402a7352721902f80daacf834e40599b
SHA512

002a7adf3c34f0cadb8eb37dcdb18222e3f19be2ebcc34346ca8e22cd49e6cb759bdd47b96eb8f5c9a2f6c6b564be920b95ffa9890c6e0e6b7adfb8b0375da12
SSDEEP

24576:reVyXJfAT9wYNRamd/yNfo+MsEZSxMI1T4/pzemhn7tPOvG:r1JfC9wuRamEu+dEoxT4/f5tP

Score

7^/10

upx

Deletes itself 1 IoCs

Processes:

75214418c602052280a7fd4373d53091.exe

pid process

3044 75214418c602052280a7fd4373d53091.exe
Executes dropped EXE 1 IoCs

Processes:

75214418c602052280a7fd4373d53091.exe

pid process

3044 75214418c602052280a7fd4373d53091.exe
Loads dropped DLL 1 IoCs

Processes:

75214418c602052280a7fd4373d53091.exe

pid process

3020 75214418c602052280a7fd4373d53091.exe

pid	process
3044	75214418c602052280a7fd4373d53091.exe

pid	process
3044	75214418c602052280a7fd4373d53091.exe

pid	process
3020	75214418c602052280a7fd4373d53091.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/3020-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\75214418c602052280a7fd4373d53091.exe	upx

Suspicious behavior: RenamesItself 1 IoCs

Processes:

75214418c602052280a7fd4373d53091.exe

pid process

3020 75214418c602052280a7fd4373d53091.exe
Suspicious use of UnmapMainImage 2 IoCs

Processes:

75214418c602052280a7fd4373d53091.exe75214418c602052280a7fd4373d53091.exe

pid process

3020 75214418c602052280a7fd4373d53091.exe
3044 75214418c602052280a7fd4373d53091.exe

pid	process
3020	75214418c602052280a7fd4373d53091.exe

pid	process
3020	75214418c602052280a7fd4373d53091.exe
3044	75214418c602052280a7fd4373d53091.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

75214418c602052280a7fd4373d53091.exe

description	pid	process	target process
PID 3020 wrote to memory of 3044	3020	75214418c602052280a7fd4373d53091.exe	75214418c602052280a7fd4373d53091.exe
PID 3020 wrote to memory of 3044	3020	75214418c602052280a7fd4373d53091.exe	75214418c602052280a7fd4373d53091.exe
PID 3020 wrote to memory of 3044	3020	75214418c602052280a7fd4373d53091.exe	75214418c602052280a7fd4373d53091.exe
PID 3020 wrote to memory of 3044	3020	75214418c602052280a7fd4373d53091.exe	75214418c602052280a7fd4373d53091.exe

\Users\Admin\AppData\Local\Temp\75214418c602052280a7fd4373d53091.exe

Filesize
1.3MB

MD5
6e7009e3c5d9766794641975cf59274c

SHA1
65732c359cd5cb3921545aa8d28254a84c4fcd29

SHA256
7a727eb186f035a3a35f8f42dd245990188a43df5d0954d9e0a232a61d0da240

SHA512
fe0df228032d7cd61d14f7eb7eb61a8384664052cc310fb840982380f0506f4b5f5fbf8ac905ead502fa3b74d664875f764a22b9b921b458884c6714efa07a02

Download Submit
memory/3020-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3020-2-0x0000000000290000-0x00000000003A2000-memory.dmp

Filesize
1.1MB

Download
memory/3020-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3020-15-0x0000000003520000-0x000000000398A000-memory.dmp

Filesize
4.4MB

Download
memory/3020-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3044-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/3044-20-0x0000000000250000-0x0000000000362000-memory.dmp

Filesize
1.1MB

Download
memory/3044-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/3044-26-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download