40458929fc4a230dce49efd347b4fa0e39ca9a6b9978ea43837786ec6091ae9e

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 13:48

Target

c8c35953e2255dd7f30b8ba87ba822d2.exe
Size

1.5MB
MD5

c8c35953e2255dd7f30b8ba87ba822d2
SHA1

908acedd56063efc7c02fe145fb2086bee01955c
SHA256

40458929fc4a230dce49efd347b4fa0e39ca9a6b9978ea43837786ec6091ae9e
SHA512

ffb129782550ba352bda67c28ceccf3519d316c2ebc0f24ae01840109cf79fda81373bc9818f283e4a2332e263fa3fc41f1e29efdb41130648f4aefbfd72334c
SSDEEP

24576:DTTZCbX1lTUO614mOk8lUyCCeaElFV0R7q2RBmEarwaiMd+dZ6IkWfHtTKm3jmtj:VCT/pm6ljCff0Y4mEaUa+dkWfHtuht+

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1680	c8c35953e2255dd7f30b8ba87ba822d2.exe

Executes dropped EXE 1 IoCs

pid	Process
1680	c8c35953e2255dd7f30b8ba87ba822d2.exe

Loads dropped DLL 1 IoCs

pid	Process
2736	c8c35953e2255dd7f30b8ba87ba822d2.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2736-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012256-15.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2736	c8c35953e2255dd7f30b8ba87ba822d2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2736	c8c35953e2255dd7f30b8ba87ba822d2.exe
1680	c8c35953e2255dd7f30b8ba87ba822d2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 1680	2736	c8c35953e2255dd7f30b8ba87ba822d2.exe	28
PID 2736 wrote to memory of 1680	2736	c8c35953e2255dd7f30b8ba87ba822d2.exe	28
PID 2736 wrote to memory of 1680	2736	c8c35953e2255dd7f30b8ba87ba822d2.exe	28
PID 2736 wrote to memory of 1680	2736	c8c35953e2255dd7f30b8ba87ba822d2.exe	28

C:\Users\Admin\AppData\Local\Temp\c8c35953e2255dd7f30b8ba87ba822d2.exe

Filesize
1.5MB

MD5
94768e68c279e80d0cf01334e29711ac

SHA1
f28e0fbd5ffd32f4fe478401c5e165b6fbba50b1

SHA256
264dcb4643d50f71f239746e4aa47b7b400cfc67d3ab01f523e7c74af2620d8a

SHA512
7a89848a874df7a220df29d174a5a9639f52920923303ecd1bc4800b418d4579daf7f0ae415cc8658717fd4f193ee417e548d692240215af6979f6efc5523693

Download Submit
memory/1680-20-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1680-17-0x0000000000260000-0x0000000000393000-memory.dmp

Filesize
1.2MB

Download
memory/1680-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1680-25-0x00000000034F0000-0x000000000371A000-memory.dmp

Filesize
2.2MB

Download
memory/1680-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1680-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2736-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2736-2-0x0000000001B20000-0x0000000001C53000-memory.dmp

Filesize
1.2MB

Download
memory/2736-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2736-14-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2736-18-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download