8aaec19f6028445cb34bafcb3cf3b0b645af410ca5225618154a1053e68ebbb8

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 20:17

Target

784bca0e840284a32d43d160a4a43914.exe
Size

1.5MB
MD5

784bca0e840284a32d43d160a4a43914
SHA1

7ed0a99c5d6e8a0af80d5927e91aecd358abf05f
SHA256

8aaec19f6028445cb34bafcb3cf3b0b645af410ca5225618154a1053e68ebbb8
SHA512

49b8e8dfecb8e8982811d68b7fdf66bec3533e02bb1a0549e81a1bacb8fc326063ff4f366a5e1eed6b16e82b9df807254bc018f547c191444d24e9a20ed341b5
SSDEEP

24576:Gu6OquYt7ps3mjvQvjcjukL2xdn+Op4ty+0iWZKAsR+WLodcjukL2Y:GVOs7ps3mjIvjcakLadn+Op4ty+0tZnk

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2840	784bca0e840284a32d43d160a4a43914.exe

Executes dropped EXE 1 IoCs

pid	Process
2840	784bca0e840284a32d43d160a4a43914.exe

Loads dropped DLL 1 IoCs

pid	Process
3024	784bca0e840284a32d43d160a4a43914.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3024-0-0x0000000000400000-0x000000000065C000-memory.dmp	upx
behavioral1/files/0x0009000000012287-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3024	784bca0e840284a32d43d160a4a43914.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3024	784bca0e840284a32d43d160a4a43914.exe
2840	784bca0e840284a32d43d160a4a43914.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2840	3024	784bca0e840284a32d43d160a4a43914.exe	29
PID 3024 wrote to memory of 2840	3024	784bca0e840284a32d43d160a4a43914.exe	29
PID 3024 wrote to memory of 2840	3024	784bca0e840284a32d43d160a4a43914.exe	29
PID 3024 wrote to memory of 2840	3024	784bca0e840284a32d43d160a4a43914.exe	29

\Users\Admin\AppData\Local\Temp\784bca0e840284a32d43d160a4a43914.exe

Filesize
1.5MB

MD5
4fb731d2180ed07936965e00b1bbc9b0

SHA1
c5eedf2dc837e96fb7b03447b401f55dd9737ff5

SHA256
01996016ab506b7800604faf1e95a72015838ca41b8623f732cdb41b660de0f2

SHA512
9d66d0b2636b237d054f5ae4aede5688043874d9a4d6a422517573a1e49d33004596218f5bfe4075529dbc2282c5555d58755708005905bd0f39c9aefd707f2c

Download Submit
memory/2840-20-0x0000000000400000-0x000000000065C000-memory.dmp

Filesize
2.4MB

Download
memory/2840-22-0x0000000022DF0000-0x0000000022E6E000-memory.dmp

Filesize
504KB

Download
memory/2840-27-0x0000000000470000-0x00000000004DB000-memory.dmp

Filesize
428KB

Download
memory/2840-26-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2840-31-0x0000000000400000-0x000000000065C000-memory.dmp

Filesize
2.4MB

Download
memory/3024-0-0x0000000000400000-0x000000000065C000-memory.dmp

Filesize
2.4MB

Download
memory/3024-2-0x00000000002E0000-0x000000000035E000-memory.dmp

Filesize
504KB

Download
memory/3024-1-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/3024-16-0x0000000023040000-0x000000002329C000-memory.dmp

Filesize
2.4MB

Download
memory/3024-15-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/3024-30-0x0000000023040000-0x000000002329C000-memory.dmp

Filesize
2.4MB

Download