2ae7a48bcf7930076298cd9a181de3bc83effe79699eea4e17cac316ec02dd25

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 16:31

Target

bf13a6c376b5a1496e188dd07a47dfbe.exe
Size

1.3MB
MD5

bf13a6c376b5a1496e188dd07a47dfbe
SHA1

4fb44812189a6a7685437de91361482c5fd469ed
SHA256

2ae7a48bcf7930076298cd9a181de3bc83effe79699eea4e17cac316ec02dd25
SHA512

a48ef8c77bb1ffb026666eed717b72a074254481cfd7833d0fa9c9176c0d6659689f16e9b2c3af3b0daad4f51bc12c570474a1885655811cfe7d03dda10576e5
SSDEEP

24576:zE3BsSSdWQXZgzGdhH7nmNmZtr+HObuHzrzNSqOUbXXBVgePcNUd09dEU9/9Us:zE3iBdWQXukJmN0eOizrzYkLxp0R9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2948	bf13a6c376b5a1496e188dd07a47dfbe.exe

Executes dropped EXE 1 IoCs

pid	Process
2948	bf13a6c376b5a1496e188dd07a47dfbe.exe

Loads dropped DLL 1 IoCs

pid	Process
2884	bf13a6c376b5a1496e188dd07a47dfbe.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2884-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x00090000000146c0-10.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2884	bf13a6c376b5a1496e188dd07a47dfbe.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2884	bf13a6c376b5a1496e188dd07a47dfbe.exe
2948	bf13a6c376b5a1496e188dd07a47dfbe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2948	2884	bf13a6c376b5a1496e188dd07a47dfbe.exe	28
PID 2884 wrote to memory of 2948	2884	bf13a6c376b5a1496e188dd07a47dfbe.exe	28
PID 2884 wrote to memory of 2948	2884	bf13a6c376b5a1496e188dd07a47dfbe.exe	28
PID 2884 wrote to memory of 2948	2884	bf13a6c376b5a1496e188dd07a47dfbe.exe	28

\Users\Admin\AppData\Local\Temp\bf13a6c376b5a1496e188dd07a47dfbe.exe

Filesize
1.3MB

MD5
fca7b836c8bbfacefc705104b7912a66

SHA1
0a185d0e5200df719b7250cb0e8e7d8eec7d6940

SHA256
fd4a800fec2a002deef89dc0310845efb5bb59911046314dc862d9dfbfb4a81a

SHA512
3d6d7a3ba4b1e5fc719640b00ad22488504513dca9db1a66df92fffb03e56d6918d31532fdeebc739013334b1402a366f97017f759795d3fc6a4fa953d172743

Download Submit
memory/2884-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2884-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2884-2-0x00000000002B0000-0x00000000003E1000-memory.dmp

Filesize
1.2MB

Download
memory/2884-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2884-17-0x0000000003480000-0x0000000003967000-memory.dmp

Filesize
4.9MB

Download
memory/2948-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2948-20-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2948-22-0x0000000001B10000-0x0000000001C41000-memory.dmp

Filesize
1.2MB

Download
memory/2948-24-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2948-25-0x00000000033F0000-0x0000000003612000-memory.dmp

Filesize
2.1MB

Download
memory/2948-32-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download