91eeb9f1fcedf27633108f8f79532c020fee8c6967aafd5864a776cac1e90f7b

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 22:41

Target

9a1a854b8a02ca2baf96bcb2a6d1372b.exe
Size

1.5MB
MD5

9a1a854b8a02ca2baf96bcb2a6d1372b
SHA1

bae796d677cc55b445a38b76820fa300a1bc815e
SHA256

91eeb9f1fcedf27633108f8f79532c020fee8c6967aafd5864a776cac1e90f7b
SHA512

24bdb8c807cffe502b2fb75f511bad7b83ddb862d318d52621510597130a2b475e07dc1345b56cdef8b518a048b1b62ba0cdd72eafab16759e6544ba1d81bf9c
SSDEEP

24576:j0gNKdxjsZA/FiRenfniRFiDwQG1fOIdUNN/Faivs7AmOCXW:j4FsZumenfiGHG1fODN/ha/OCX

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2304	9a1a854b8a02ca2baf96bcb2a6d1372b.exe

Executes dropped EXE 1 IoCs

pid	Process
2304	9a1a854b8a02ca2baf96bcb2a6d1372b.exe

Loads dropped DLL 1 IoCs

pid	Process
2148	9a1a854b8a02ca2baf96bcb2a6d1372b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2148-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00090000000122c9-10.dat	upx
behavioral1/memory/2304-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2148	9a1a854b8a02ca2baf96bcb2a6d1372b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2148	9a1a854b8a02ca2baf96bcb2a6d1372b.exe
2304	9a1a854b8a02ca2baf96bcb2a6d1372b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2304	2148	9a1a854b8a02ca2baf96bcb2a6d1372b.exe	28
PID 2148 wrote to memory of 2304	2148	9a1a854b8a02ca2baf96bcb2a6d1372b.exe	28
PID 2148 wrote to memory of 2304	2148	9a1a854b8a02ca2baf96bcb2a6d1372b.exe	28
PID 2148 wrote to memory of 2304	2148	9a1a854b8a02ca2baf96bcb2a6d1372b.exe	28

\Users\Admin\AppData\Local\Temp\9a1a854b8a02ca2baf96bcb2a6d1372b.exe

Filesize
1.5MB

MD5
4d3317c790fa72330c0f26e1b11be3fb

SHA1
9abad20510ba265f4366bfe34f209a5776ee9f30

SHA256
c8003a5557390ebfe26e6311383824e488586979692557b27f3abb4fb260d485

SHA512
ccd457d3f7852dae42e3053ac3f6f60b01eadddb039a07c1722377b4e6d128fea09cd88cfac27655eddf79bcc3c72b31716a261ecdf224ec984fc643e6f454d3

Download Submit
memory/2148-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2148-2-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2148-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2148-14-0x00000000034F0000-0x00000000039DF000-memory.dmp

Filesize
4.9MB

Download
memory/2148-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2304-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2304-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2304-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2304-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2304-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/2304-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download