42a13f016cbde5ddb90f7238e67754ca907f26b6879a445c6ea857076d1568a3

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/02/2024, 23:07

Target

aa6344a754a7b33cb7c6321f17399866.exe
Size

1.5MB
MD5

aa6344a754a7b33cb7c6321f17399866
SHA1

e18beb647ec5980cf135fa1347521be120b8d5bc
SHA256

42a13f016cbde5ddb90f7238e67754ca907f26b6879a445c6ea857076d1568a3
SHA512

2392894c09d2c1f92d2f784d5b33e47c01bccb4c3a6c42fa35ac511ced2044b2ea0e6ba9ec7a6e368a5b1b30b8e2477debf066f31e3b56826391fea4b5339eb2
SSDEEP

24576:LbE44peVPN7TXxtXhGxUC33/QBiuQMle3nBnAQXo02hW:HbF3vXxtXhGd3ozQMsU02h

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1972	aa6344a754a7b33cb7c6321f17399866.exe

Executes dropped EXE 1 IoCs

pid	Process
1972	aa6344a754a7b33cb7c6321f17399866.exe

Loads dropped DLL 1 IoCs

pid	Process
2992	aa6344a754a7b33cb7c6321f17399866.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2992-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012255-10.dat	upx
behavioral1/memory/1972-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2992	aa6344a754a7b33cb7c6321f17399866.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2992	aa6344a754a7b33cb7c6321f17399866.exe
1972	aa6344a754a7b33cb7c6321f17399866.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 1972	2992	aa6344a754a7b33cb7c6321f17399866.exe	28
PID 2992 wrote to memory of 1972	2992	aa6344a754a7b33cb7c6321f17399866.exe	28
PID 2992 wrote to memory of 1972	2992	aa6344a754a7b33cb7c6321f17399866.exe	28
PID 2992 wrote to memory of 1972	2992	aa6344a754a7b33cb7c6321f17399866.exe	28

\Users\Admin\AppData\Local\Temp\aa6344a754a7b33cb7c6321f17399866.exe

Filesize
1.5MB

MD5
7fab199669950865e03d4825459cbcaf

SHA1
0e7f7cac4200544e1b6abf70146c28f915cd86ca

SHA256
30e8a098de82cc35064393942783ad5ca819b6defc448171e1a53d3bca66e2f5

SHA512
d45c1c60a73325ee8e017e2ffbb947eb56b0028791d27f6589aa7f7972568f48dd2fbd43cf5257f3305a3ebb7f494d5b82d2c49ec2156437cd4cb099d4748392

Download Submit
memory/1972-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1972-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/1972-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1972-24-0x0000000003410000-0x000000000363A000-memory.dmp

Filesize
2.2MB

Download
memory/1972-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2992-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2992-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2992-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2992-14-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2992-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download