ee46582ae0440af4246e14c3aacc33d55359906f663daa4d074b1f4cf0238677

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 16:48

Target

b92ec5bc625a20dc2057d1c04e27a266.exe
Size

2.9MB
MD5

b92ec5bc625a20dc2057d1c04e27a266
SHA1

e9f428d7676f6bb408ea608608332573a8ea2f15
SHA256

ee46582ae0440af4246e14c3aacc33d55359906f663daa4d074b1f4cf0238677
SHA512

c7e42f1db7448a1e5e311ad06942094d6ed15c1c2b07a8cb4081aa91e80d00d9d7bee4d1c05704520f8d995770d82469629e7b5b1df639391e4f9c826d68ff72
SSDEEP

49152:THzqtPiqd1jlK/WanEcCXtIcgP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:QqqHxK/WPagg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2988	b92ec5bc625a20dc2057d1c04e27a266.exe

Executes dropped EXE 1 IoCs

pid	Process
2988	b92ec5bc625a20dc2057d1c04e27a266.exe

Loads dropped DLL 1 IoCs

pid	Process
1600	b92ec5bc625a20dc2057d1c04e27a266.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1600-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000a000000012252-10.dat	upx
behavioral1/memory/1600-14-0x00000000038B0000-0x0000000003D9F000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1600	b92ec5bc625a20dc2057d1c04e27a266.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1600	b92ec5bc625a20dc2057d1c04e27a266.exe
2988	b92ec5bc625a20dc2057d1c04e27a266.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2988	1600	b92ec5bc625a20dc2057d1c04e27a266.exe	28
PID 1600 wrote to memory of 2988	1600	b92ec5bc625a20dc2057d1c04e27a266.exe	28
PID 1600 wrote to memory of 2988	1600	b92ec5bc625a20dc2057d1c04e27a266.exe	28
PID 1600 wrote to memory of 2988	1600	b92ec5bc625a20dc2057d1c04e27a266.exe	28

\Users\Admin\AppData\Local\Temp\b92ec5bc625a20dc2057d1c04e27a266.exe

Filesize
2.9MB

MD5
2e701875c9ebb61fdbc3f64aa29047e7

SHA1
fb58843ac127b28c509bb87fafc442a1e1238f31

SHA256
a79141f445b14219713efd5fcdddf35c5a7b0451626de9dcddc6858bd60b41ba

SHA512
7b511e9d8c795c6f40ef50cac9077e655826f85f9e4b773dbd2829b7064ae94f491ae1e40bb64cdb3c22e229a15b628b54bc43d9e73e075f6c8206a04d2ef590

Download Submit
memory/1600-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1600-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1600-2-0x0000000000240000-0x0000000000373000-memory.dmp

Filesize
1.2MB

Download
memory/1600-14-0x00000000038B0000-0x0000000003D9F000-memory.dmp

Filesize
4.9MB

Download
memory/1600-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2988-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2988-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2988-19-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2988-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2988-24-0x00000000035A0000-0x00000000037CA000-memory.dmp

Filesize
2.2MB

Download
memory/2988-31-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download