0f7e82ff1186c7cf8667b22726bd9e730cd256bb75236af178d2b80f2c83ee3a

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 09:59

Target

9921326d5eae0f9bdf9346f684c4f612.exe
Size

1.3MB
MD5

9921326d5eae0f9bdf9346f684c4f612
SHA1

91f2d78e15c2bacefe6350f11fe9d48055a2a4c2
SHA256

0f7e82ff1186c7cf8667b22726bd9e730cd256bb75236af178d2b80f2c83ee3a
SHA512

14bbeaf91b698cfd052d1e13945de4287beb715df5eb3322e26ebba347b80a07a34fd18fdc68710409cdcf3ed054c5c9b0ff08c5fdf42a1e89a9aab204179d47
SSDEEP

24576:h6Vba/HtEpgo37iRD/6JOR2UKQFsSzUkYqAtwsERqiPs4F274OsqNql25t6apNSL:h6Vba/HWzLC/zMn+uNjFL4F+sqIUSapI

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2644	9921326d5eae0f9bdf9346f684c4f612.exe

Executes dropped EXE 1 IoCs

pid	Process
2644	9921326d5eae0f9bdf9346f684c4f612.exe

Loads dropped DLL 1 IoCs

pid	Process
1016	9921326d5eae0f9bdf9346f684c4f612.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1016-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012262-12.dat	upx
behavioral1/memory/2644-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1016	9921326d5eae0f9bdf9346f684c4f612.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1016	9921326d5eae0f9bdf9346f684c4f612.exe
2644	9921326d5eae0f9bdf9346f684c4f612.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 2644	1016	9921326d5eae0f9bdf9346f684c4f612.exe	28
PID 1016 wrote to memory of 2644	1016	9921326d5eae0f9bdf9346f684c4f612.exe	28
PID 1016 wrote to memory of 2644	1016	9921326d5eae0f9bdf9346f684c4f612.exe	28
PID 1016 wrote to memory of 2644	1016	9921326d5eae0f9bdf9346f684c4f612.exe	28

C:\Users\Admin\AppData\Local\Temp\9921326d5eae0f9bdf9346f684c4f612.exe

Filesize
1.3MB

MD5
94f54ba3ff7b8a974f8d1536dd0d73ed

SHA1
1d4f5bf458af8796a25684c683d81ca20ece8a4f

SHA256
b05941bce8a544ccaf65b9bf6f90d53c6026e1a218297240af70cfb758e3955d

SHA512
0971d0c95b178865c77dd2548d823f7709d531369b54c969a6dc19ec98febed3c108421868848672b9a9f5ebe95c55feb41a829defaf4feac4a78969c967ffab

Download Submit
memory/1016-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1016-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1016-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1016-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1016-13-0x00000000034D0000-0x00000000039BF000-memory.dmp

Filesize
4.9MB

Download
memory/2644-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2644-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2644-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2644-24-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2644-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2644-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download