f97d504a0c6096cab3ddf1944c40087545a0290e0cf3205edb105383384b7f23

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 13:59

Target

99992ca748bdcbac6eeec7a8b567e515.exe
Size

1.3MB
MD5

99992ca748bdcbac6eeec7a8b567e515
SHA1

3ecb3e586ec56696a9adf37de005619e9bae9c5e
SHA256

f97d504a0c6096cab3ddf1944c40087545a0290e0cf3205edb105383384b7f23
SHA512

e54ba0e6eb5cbad6040ce1bbf43c587a2882b2cbade186009f70b83bd338ad66f5e5b6b47cd6b9bd7b4a6780363cf50f5366493b00bec8860c81ddd0f3f738d3
SSDEEP

24576:cNvwu7O9hAD1ZrQAi+C5GNFWqmdRuNFu2/nocFy+CC0c32AAPprWc:cNvwu7O9hAiVGNEqmevVAyyxc32TRp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2316	99992ca748bdcbac6eeec7a8b567e515.exe

Executes dropped EXE 1 IoCs

pid	Process
2316	99992ca748bdcbac6eeec7a8b567e515.exe

Loads dropped DLL 1 IoCs

pid	Process
2300	99992ca748bdcbac6eeec7a8b567e515.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2300-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x00070000000122c4-10.dat	upx
behavioral1/memory/2316-16-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2300	99992ca748bdcbac6eeec7a8b567e515.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2300	99992ca748bdcbac6eeec7a8b567e515.exe
2316	99992ca748bdcbac6eeec7a8b567e515.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 2316	2300	99992ca748bdcbac6eeec7a8b567e515.exe	28
PID 2300 wrote to memory of 2316	2300	99992ca748bdcbac6eeec7a8b567e515.exe	28
PID 2300 wrote to memory of 2316	2300	99992ca748bdcbac6eeec7a8b567e515.exe	28
PID 2300 wrote to memory of 2316	2300	99992ca748bdcbac6eeec7a8b567e515.exe	28

\Users\Admin\AppData\Local\Temp\99992ca748bdcbac6eeec7a8b567e515.exe

Filesize
1.3MB

MD5
d00b3f3d2ebd3ef4732754c2f11dedeb

SHA1
c743468533ca5a64bf2126b9a52fd4a633d03be5

SHA256
bbac2fe410e80cd4c188052b224ee932896d135075911031950b45ef74e5e056

SHA512
7164c257355e41ccd5c7612b06ba1dbbde8065883243a290ed8efbbbf72fda92f5fcaa11f65c23e573f39ca42db949c3f5d3273ad0d932fb6e93259f2bbb88d3

Download Submit
memory/2300-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2300-2-0x0000000000270000-0x00000000003A3000-memory.dmp

Filesize
1.2MB

Download
memory/2300-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2300-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2316-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2316-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2316-18-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/2316-23-0x0000000003400000-0x000000000362A000-memory.dmp

Filesize
2.2MB

Download
memory/2316-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2316-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download