288caa5899b80fe34d4aa97e1810d27ee517ec00969ba9d4eb2fa030994d1742

Analysis

max time kernel
138s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 09:30

Target

7f7d322e72163c4e620f8ce21b686f25.exe
Size

2.7MB
MD5

7f7d322e72163c4e620f8ce21b686f25
SHA1

bc4137ec9011b40420a2f398e227dde6987ac4e8
SHA256

288caa5899b80fe34d4aa97e1810d27ee517ec00969ba9d4eb2fa030994d1742
SHA512

6ca1eb0de90081b38ed767b173a9b7d360faef789077598c1614dbde295817ebdaace10cd5272071e6b1aecd1bb79b7763fcdc4276bc02ce17da05fe6a45c6f8
SSDEEP

49152:qmqOpnQ0LFFOKfjC1jNAqrKArrjdvHSVeBR9ktBc1+Q4YdxSChG38bDUggR9t:q+nJLFF/21jmBorV/HktBcwQDM2YIDUx

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4588	7f7d322e72163c4e620f8ce21b686f25.exe

Executes dropped EXE 1 IoCs

pid	Process
4588	7f7d322e72163c4e620f8ce21b686f25.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4040-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0007000000023118-11.dat	upx
behavioral2/memory/4588-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4040	7f7d322e72163c4e620f8ce21b686f25.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4040	7f7d322e72163c4e620f8ce21b686f25.exe
4588	7f7d322e72163c4e620f8ce21b686f25.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 4588	4040	7f7d322e72163c4e620f8ce21b686f25.exe	84
PID 4040 wrote to memory of 4588	4040	7f7d322e72163c4e620f8ce21b686f25.exe	84
PID 4040 wrote to memory of 4588	4040	7f7d322e72163c4e620f8ce21b686f25.exe	84

C:\Users\Admin\AppData\Local\Temp\7f7d322e72163c4e620f8ce21b686f25.exe

Filesize
2.7MB

MD5
b538b8e8f58ad6bd64ca2adeb662255c

SHA1
31257d36ce3a91e711e50030eceaef3587b391b3

SHA256
28034a005ee9415a65bfbc59b2d054d3a745678ee5a568784a7a87a8fa963f4a

SHA512
191f777e2f0dfee5a9a385bf189ddeaa5078c6dce06fd6567277a312362de2a8398654b680956fe9946ae045732459b75712e837bf23b0695ece82024e2431bc

Download Submit
memory/4040-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4040-1-0x0000000001C60000-0x0000000001D91000-memory.dmp

Filesize
1.2MB

Download
memory/4040-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4040-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4588-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4588-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4588-14-0x0000000001C60000-0x0000000001D91000-memory.dmp

Filesize
1.2MB

Download
memory/4588-20-0x0000000005550000-0x0000000005772000-memory.dmp

Filesize
2.1MB

Download
memory/4588-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4588-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download