f29eb8f721ee3210dfcdbb7245c36ca05d72f78e9182e72e745de78870bf8d97

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 20:22

Target

b991d982faec019c8a027c1c16133209.exe
Size

1.3MB
MD5

b991d982faec019c8a027c1c16133209
SHA1

4e27c162315b663f96b4699a7ad2036dce597fff
SHA256

f29eb8f721ee3210dfcdbb7245c36ca05d72f78e9182e72e745de78870bf8d97
SHA512

db7e0d5282e9a8d2a952f3b64e45adaf19d04defe5a17b0daeed854d660b50790c738d7884d7b972386b97b0069ae89366ed646dc8ed5a50f8c4a7de08c53714
SSDEEP

24576:fcxj8Oixz03mk5D6wrnZ3dfWcrtMFjnEeh0NOb6rcvG:fcxIOszrOFrnZ3VWcrtMZEU

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2744	b991d982faec019c8a027c1c16133209.exe

Executes dropped EXE 1 IoCs

pid	Process
2744	b991d982faec019c8a027c1c16133209.exe

Loads dropped DLL 1 IoCs

pid	Process
2204	b991d982faec019c8a027c1c16133209.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000b000000012257-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2204	b991d982faec019c8a027c1c16133209.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2204	b991d982faec019c8a027c1c16133209.exe
2744	b991d982faec019c8a027c1c16133209.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2744	2204	b991d982faec019c8a027c1c16133209.exe	28
PID 2204 wrote to memory of 2744	2204	b991d982faec019c8a027c1c16133209.exe	28
PID 2204 wrote to memory of 2744	2204	b991d982faec019c8a027c1c16133209.exe	28
PID 2204 wrote to memory of 2744	2204	b991d982faec019c8a027c1c16133209.exe	28

\Users\Admin\AppData\Local\Temp\b991d982faec019c8a027c1c16133209.exe

Filesize
1.3MB

MD5
6c61492e0dce1d158cd8e5b86a6ab47e

SHA1
1a5c05b30b86791a0dfa50c01b23e29f2775fd6a

SHA256
d3b6bb0824a011260d5d03e6e5a7a17a4a84bef0e05380c244b4b67b01bd6e94

SHA512
8da61f5360eae4e1b0165059cd63a73cb7d2043af0108b01a993d01bfdba2bde00b6a0ef1d6e3623be32c3929a37e8af4127098cd93b95f125d54eb99e27fc7e

Download Submit
memory/2204-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2204-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2204-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2204-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2204-14-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2204-26-0x00000000033F0000-0x000000000385A000-memory.dmp

Filesize
4.4MB

Download
memory/2744-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2744-21-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/2744-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2744-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download