4c7867f43e3da29d2b6ec91ea8cf98cbd5d745cd9abfda5d3925d2166796b7f1

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02/02/2024, 22:22

Target

VirusShare-005870e7955f1bdd53721f6ea894cfcc.exe
Size

80KB
MD5

005870e7955f1bdd53721f6ea894cfcc
SHA1

529b531bb38bbbed38c62d118fe026631d1e865c
SHA256

4c7867f43e3da29d2b6ec91ea8cf98cbd5d745cd9abfda5d3925d2166796b7f1
SHA512

0ce7591589a1a789a7443a942c0eaf1d9693d759ae63cd71ca5955bbd6a335da0ad5d7988d25e125eb1870e71971f3385ea023b7bdf2fa9a9c59ec564c702a3a
SSDEEP

1536:Rg1SqwcqI5PzwZ54GtG4wWdyFtjzfcKukkO5Gx9XX50z88uMrnqA18fiXF3:a1SNFEwZiiSJUO5iFp0nuM+Aaq1

Score

9^/10

upx

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
behavioral1/memory/2144-0-0x0000000000400000-0x000000000041D000-memory.dmp	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2144-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Suspicious use of UnmapMainImage 1 IoCs

pid	Process
2144	VirusShare-005870e7955f1bdd53721f6ea894cfcc.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2172	2144	VirusShare-005870e7955f1bdd53721f6ea894cfcc.exe	28
PID 2144 wrote to memory of 2172	2144	VirusShare-005870e7955f1bdd53721f6ea894cfcc.exe	28
PID 2144 wrote to memory of 2172	2144	VirusShare-005870e7955f1bdd53721f6ea894cfcc.exe	28
PID 2144 wrote to memory of 2172	2144	VirusShare-005870e7955f1bdd53721f6ea894cfcc.exe	28
PID 2144 wrote to memory of 2172	2144	VirusShare-005870e7955f1bdd53721f6ea894cfcc.exe	28
PID 2144 wrote to memory of 2172	2144	VirusShare-005870e7955f1bdd53721f6ea894cfcc.exe	28
PID 2144 wrote to memory of 2172	2144	VirusShare-005870e7955f1bdd53721f6ea894cfcc.exe	28

memory/2144-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2144-1-0x0000000000260000-0x0000000000262000-memory.dmp

Filesize
8KB

Download
memory/2144-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2144-5-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2172-3-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/2172-4-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/2172-6-0x00000000007E0000-0x00000000007E8000-memory.dmp

Filesize
32KB

Download
memory/2172-7-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download
memory/2172-10-0x0000000000080000-0x0000000000089000-memory.dmp

Filesize
36KB

Download