5157c7773443db0cd93493f560ceef42e3d69f7cc973cfbc485da59470027d37

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07-03-2024 22:39

Target

b9d75ea5b105f973b10c0a6028051b3f.exe
Size

1.3MB
MD5

b9d75ea5b105f973b10c0a6028051b3f
SHA1

3ad94bc39c9827f6ae7135b2fe0e6d10c626f1ad
SHA256

5157c7773443db0cd93493f560ceef42e3d69f7cc973cfbc485da59470027d37
SHA512

29d5a1aa0194dd5bb2bd342cc438f7a33a8cfbf2cab04105d63cebfcc34d7d94b7219ab082f1b9c7bb5b4d94eec81cda9d5db541383dbdcb05e8e60ea4dd15ec
SSDEEP

24576:0JS9nPlw/C0mXQ8g5Z7cEsik7sSavB+GhYymvpZq/56EiZXxolD2DQRvG:YSR6/C0oLgvgk1omYZpZ86xqlD2U

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2468	b9d75ea5b105f973b10c0a6028051b3f.exe

Executes dropped EXE 1 IoCs

pid	Process
2468	b9d75ea5b105f973b10c0a6028051b3f.exe

Loads dropped DLL 1 IoCs

pid	Process
2628	b9d75ea5b105f973b10c0a6028051b3f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2628-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000a000000012254-11.dat	upx
behavioral1/memory/2628-16-0x0000000003510000-0x000000000397A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2628	b9d75ea5b105f973b10c0a6028051b3f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2628	b9d75ea5b105f973b10c0a6028051b3f.exe
2468	b9d75ea5b105f973b10c0a6028051b3f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2468	2628	b9d75ea5b105f973b10c0a6028051b3f.exe	28
PID 2628 wrote to memory of 2468	2628	b9d75ea5b105f973b10c0a6028051b3f.exe	28
PID 2628 wrote to memory of 2468	2628	b9d75ea5b105f973b10c0a6028051b3f.exe	28
PID 2628 wrote to memory of 2468	2628	b9d75ea5b105f973b10c0a6028051b3f.exe	28

\Users\Admin\AppData\Local\Temp\b9d75ea5b105f973b10c0a6028051b3f.exe

Filesize
1.3MB

MD5
da3d6d91dd89bc66bd4ec6af6b5dd0db

SHA1
179354fc8ac2e66d26246746307420c3265deef8

SHA256
c940b9b72beec1345f75caa292112fa8d64bd93181ea5b558fa27e855d2cc7c1

SHA512
32ec79f6039f3740d1988d1bfc41efb8c5aace83a29043ee7f7c651f5395cb908019863b4ebce36f618063bf6308a46b4d4966392d95a34a779a6b58e26dc1ef

Download Submit
memory/2468-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2468-20-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2468-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2468-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2628-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2628-1-0x0000000000280000-0x0000000000392000-memory.dmp

Filesize
1.1MB

Download
memory/2628-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2628-16-0x0000000003510000-0x000000000397A000-memory.dmp

Filesize
4.4MB

Download
memory/2628-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2628-26-0x0000000003510000-0x000000000397A000-memory.dmp

Filesize
4.4MB

Download