98fc4b1fd7802b16e45b6b6d04f9bf9639d513eca2c980e0f51a676f7a588281

Analysis

max time kernel
90s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 00:24

Target

7babb48d9ab53abb03f5a809854929a7.exe
Size

69KB
MD5

7babb48d9ab53abb03f5a809854929a7
SHA1

36ae371a888f53ef0c9c6c61b5eddf5a734f66c8
SHA256

98fc4b1fd7802b16e45b6b6d04f9bf9639d513eca2c980e0f51a676f7a588281
SHA512

15be37bb0f6136e1804d65d53e560ad604df5d38e119f56487c67884d168a4c052353a462b1b27cf6c06951956a186de9a4ba5a6b73dc51bdfe945cd3de76813
SSDEEP

1536:Hc5003+O9EI6bM2VGFihn158s/veO7XR8h3yhbk:i53t9EZbCihngKeYhRI

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/932-0-0x0000000000400000-0x000000000041A000-memory.dmp	upx

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
932	7babb48d9ab53abb03f5a809854929a7.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 932 wrote to memory of 3572	932	7babb48d9ab53abb03f5a809854929a7.exe	85
PID 932 wrote to memory of 3572	932	7babb48d9ab53abb03f5a809854929a7.exe	85
PID 932 wrote to memory of 3572	932	7babb48d9ab53abb03f5a809854929a7.exe	85
PID 932 wrote to memory of 3572	932	7babb48d9ab53abb03f5a809854929a7.exe	85
PID 932 wrote to memory of 3572	932	7babb48d9ab53abb03f5a809854929a7.exe	85

memory/932-0-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download
memory/932-1-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/932-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/932-4-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/932-3-0x00000000021B0000-0x00000000021BE000-memory.dmp

Filesize
56KB

Download