6fe542a4ff3aabbc2d3cb536f1a0c84fe9fc8f04630c893edcf91bbc08e60e59

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 06:02

Target

9af209808b954bc2f6b28eaaa321617f.exe
Size

59KB
MD5

9af209808b954bc2f6b28eaaa321617f
SHA1

99ac3095bf0c76fe733397d1f5c1d3dfad59f799
SHA256

6fe542a4ff3aabbc2d3cb536f1a0c84fe9fc8f04630c893edcf91bbc08e60e59
SHA512

41084b12fd036a155688517f87a44d0e0bd1dcb35f4b8d2eea3cf0b634ac58fe26efa44e1b920c211c5e25f26f5edbab97fd77dbe0c7bd07a2e933b65e4a46e3
SSDEEP

1536:3Ff3jL7tLR5EP2pT2rU1XhQdvvjJAkVyJrscCvOoYqD8:3JTvtLDI2R6UxhQdT2bSOoYqD8

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1760	9af209808b954bc2f6b28eaaa321617f.exe

Executes dropped EXE 1 IoCs

pid	Process
1760	9af209808b954bc2f6b28eaaa321617f.exe

Loads dropped DLL 1 IoCs

pid	Process
3044	9af209808b954bc2f6b28eaaa321617f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3044-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral1/files/0x000a0000000139b6-10.dat	upx
behavioral1/memory/1760-16-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3044	9af209808b954bc2f6b28eaaa321617f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3044	9af209808b954bc2f6b28eaaa321617f.exe
1760	9af209808b954bc2f6b28eaaa321617f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 1760	3044	9af209808b954bc2f6b28eaaa321617f.exe	29
PID 3044 wrote to memory of 1760	3044	9af209808b954bc2f6b28eaaa321617f.exe	29
PID 3044 wrote to memory of 1760	3044	9af209808b954bc2f6b28eaaa321617f.exe	29
PID 3044 wrote to memory of 1760	3044	9af209808b954bc2f6b28eaaa321617f.exe	29

\Users\Admin\AppData\Local\Temp\9af209808b954bc2f6b28eaaa321617f.exe

Filesize
59KB

MD5
992fa9e30df6f13fb4a0bad54e3771a8

SHA1
a0b914a6b70660edb713fcf69e3765b72e52264b

SHA256
c4e4d5e6db3f43e12e2f5d42712bd26b1955d681cbb0810ed7cd46a2d6329daa

SHA512
0143724be2e8f7b845dfa9f35501f69d8378eab2f16603b50a30552f70fb3f4b529d39fd562ae49a9cccf00a2b6ef1e474dea58e3a501fa9b555f0719ed5cf22

Download Submit
memory/1760-17-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1760-16-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1760-18-0x0000000000030000-0x000000000003F000-memory.dmp

Filesize
60KB

Download
memory/1760-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1760-28-0x00000000001F0000-0x000000000020D000-memory.dmp

Filesize
116KB

Download
memory/1760-29-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3044-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3044-1-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3044-5-0x0000000000030000-0x000000000003F000-memory.dmp

Filesize
60KB

Download
memory/3044-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download