1c1980d6344ff7c77c328c38a7274dc78cdded2f12461fe39aeb1e97a5e3b349

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 13:42

Target

999164fe59406d5cd0faef7dbb2c6346.exe
Size

1.5MB
MD5

999164fe59406d5cd0faef7dbb2c6346
SHA1

94040d9180fbe65bf47badbc7286d365e0d54484
SHA256

1c1980d6344ff7c77c328c38a7274dc78cdded2f12461fe39aeb1e97a5e3b349
SHA512

dc53b93fd7412d97d10032241d6d5bf29c9919bbc3c68bae69096b139b31c1840396ed78cdc92ffe2b03dd29c2ffb5b0a374198edb64f97661f201f196f3a379
SSDEEP

24576:To/D6H9Vu7cFKWp/99rRJpY9ZaeEI7A3yGEGh0fuMSW:TSM9VfVp1njY9rEI7A3JEGh+S

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2672	999164fe59406d5cd0faef7dbb2c6346.exe

Executes dropped EXE 1 IoCs

pid	Process
2672	999164fe59406d5cd0faef7dbb2c6346.exe

Loads dropped DLL 1 IoCs

pid	Process
2372	999164fe59406d5cd0faef7dbb2c6346.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2372-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000015d70-10.dat	upx
behavioral1/memory/2672-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/memory/2372-14-0x0000000003510000-0x00000000039FF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2372	999164fe59406d5cd0faef7dbb2c6346.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2372	999164fe59406d5cd0faef7dbb2c6346.exe
2672	999164fe59406d5cd0faef7dbb2c6346.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2672	2372	999164fe59406d5cd0faef7dbb2c6346.exe	28
PID 2372 wrote to memory of 2672	2372	999164fe59406d5cd0faef7dbb2c6346.exe	28
PID 2372 wrote to memory of 2672	2372	999164fe59406d5cd0faef7dbb2c6346.exe	28
PID 2372 wrote to memory of 2672	2372	999164fe59406d5cd0faef7dbb2c6346.exe	28

\Users\Admin\AppData\Local\Temp\999164fe59406d5cd0faef7dbb2c6346.exe

Filesize
1.5MB

MD5
41630340632abf1f71c8f2f9f3a90a5b

SHA1
bedb532901fd55151e1704f4eb99be77f9919e32

SHA256
62e30d2409b5882e600c5feab4e27fdc5676e2fca564a8b697009a3ca36cf555

SHA512
754851f3a46c2d5dcf99800548b5f8cd36f94a95892c79c561d3f8ac32663272634230c2844a00ad891b9dac0dec16bd0c7572f2e670fc293825a70d1560e3ba

Download Submit
memory/2372-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2372-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2372-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2372-14-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2372-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2672-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2672-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2672-17-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2672-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2672-24-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2672-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download