7cf7ed4cf6a65aa632a1621f7c289c43468dd61c791e4c17cef6d3c72b6d3dee

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 08:06

Target

7c9870622dbbbf4e4245f19fdc5bfc0f.exe
Size

2.7MB
MD5

7c9870622dbbbf4e4245f19fdc5bfc0f
SHA1

ea2cf336d4cba7fec1f8917d83572d32ede0cc2f
SHA256

7cf7ed4cf6a65aa632a1621f7c289c43468dd61c791e4c17cef6d3c72b6d3dee
SHA512

adf4205aeb489da16fe5c8eebe5b52c11ccbec94e0d9f92dde0e880987f116f7391e563015a04108280f1c39f5bc4c74b1a3a043a1b63e07d8b05d6ad1f97d27
SSDEEP

49152:2SIImL5wcMLbaP1OIzm+9pp/hmR94Hma7lWovvRqkgxDmhhIo/wnSB7wmM0gRlZr:2um+Ra9OIHpdhmH4Ga7lWARRj5wnSB7q

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2360	7c9870622dbbbf4e4245f19fdc5bfc0f.exe

Executes dropped EXE 1 IoCs

pid	Process
2360	7c9870622dbbbf4e4245f19fdc5bfc0f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1604-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0006000000023216-11.dat	upx
behavioral2/memory/2360-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1604	7c9870622dbbbf4e4245f19fdc5bfc0f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1604	7c9870622dbbbf4e4245f19fdc5bfc0f.exe
2360	7c9870622dbbbf4e4245f19fdc5bfc0f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 2360	1604	7c9870622dbbbf4e4245f19fdc5bfc0f.exe	86
PID 1604 wrote to memory of 2360	1604	7c9870622dbbbf4e4245f19fdc5bfc0f.exe	86
PID 1604 wrote to memory of 2360	1604	7c9870622dbbbf4e4245f19fdc5bfc0f.exe	86

C:\Users\Admin\AppData\Local\Temp\7c9870622dbbbf4e4245f19fdc5bfc0f.exe

Filesize
524KB

MD5
73197b4e73dd94a580ae9e0c9c5ef7e0

SHA1
d9d981a197392036d7ac73f444333f2803ebce15

SHA256
499a6c48d6d2a7072aa085ea683133d84f52f8761c8a38f5307bd6320cb0e37d

SHA512
1c452a8be5413533133f7f1230cfeaaab1c0f9ce281e1b743eac30761c30e5a5d171344a3b1f5ac14d9d4800e1b449a30c0a5793b7f14a74a2fa8be552e4dc8e

Download Submit
memory/1604-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1604-1-0x0000000001D50000-0x0000000001E81000-memory.dmp

Filesize
1.2MB

Download
memory/1604-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1604-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2360-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2360-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2360-15-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2360-20-0x0000000005620000-0x0000000005842000-memory.dmp

Filesize
2.1MB

Download
memory/2360-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2360-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download