b316493de2af36fbf5ebb100d6d1410a2b8b542ff880ee65b3113f32d1947b32

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 01:38

Target

982791bbdec792a81d027a65865aedde.exe
Size

56KB
MD5

982791bbdec792a81d027a65865aedde
SHA1

403140d6d3c073d4a7a7a9d6fe60a4cc29db0070
SHA256

b316493de2af36fbf5ebb100d6d1410a2b8b542ff880ee65b3113f32d1947b32
SHA512

a53b6cef2efdbaa72055845d2d1568f93d5e7960c09e2303ba7b442fb7ae18700a35c5f4db30cff40c933bc6d949067a83a36f021d56a05007b8c2d866deaa86
SSDEEP

1536:UlKinCEM2DHo7Scl62iT0c31im36IQdax9KYyxV3e:Uo8MAcSK6D0cH6Yx47xV

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1312	982791bbdec792a81d027a65865aedde.exe

Executes dropped EXE 1 IoCs

pid	Process
1312	982791bbdec792a81d027a65865aedde.exe

Loads dropped DLL 1 IoCs

pid	Process
2288	982791bbdec792a81d027a65865aedde.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2288-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral1/files/0x000a000000012243-16.dat	upx
behavioral1/memory/1312-17-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2288	982791bbdec792a81d027a65865aedde.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2288	982791bbdec792a81d027a65865aedde.exe
1312	982791bbdec792a81d027a65865aedde.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 1312	2288	982791bbdec792a81d027a65865aedde.exe	29
PID 2288 wrote to memory of 1312	2288	982791bbdec792a81d027a65865aedde.exe	29
PID 2288 wrote to memory of 1312	2288	982791bbdec792a81d027a65865aedde.exe	29
PID 2288 wrote to memory of 1312	2288	982791bbdec792a81d027a65865aedde.exe	29

C:\Users\Admin\AppData\Local\Temp\982791bbdec792a81d027a65865aedde.exe

Filesize
56KB

MD5
bc2cd02b114034d92084dccfe0674f76

SHA1
c96a648d99f3cb04293ffca820dc9a2009830aff

SHA256
5e7cc4db777f3965c6196a7a91dc715755027f2e410684bca814fe8b1318dfee

SHA512
4d5793ad24cadd72112351b08ba90059ad8fd5cdfe94ee9dd5418e7604d7bf2dbd4e1d3a141c51458d1c04cc365118589eb00cf1384b4b24e6d92aa41ee93dba

Download Submit
memory/1312-17-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1312-18-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/1312-19-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1312-24-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1312-25-0x0000000000170000-0x000000000018B000-memory.dmp

Filesize
108KB

Download
memory/1312-30-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2288-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2288-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2288-2-0x0000000000030000-0x000000000003E000-memory.dmp

Filesize
56KB

Download
memory/2288-15-0x0000000000190000-0x00000000001CA000-memory.dmp

Filesize
232KB

Download
memory/2288-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download