c283eb0d004215558dd510f119d9eedde9f230636e830764308ffede0ba7d93f

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 17:32

Target

d6b61543939ea364f0bab55f0e67b858.exe
Size

5.3MB
MD5

d6b61543939ea364f0bab55f0e67b858
SHA1

e5bac254b5e947071612e0788f1240010fcf4b12
SHA256

c283eb0d004215558dd510f119d9eedde9f230636e830764308ffede0ba7d93f
SHA512

b64d943b901f0fed3fea18a24349c1a1aaf2ab0c1350478cc8158c3aca11fa60418aaed6628d1bed622a8d972c5cdd827a8e90dc89a66809c084c938a5d1e568
SSDEEP

98304:NIFE/HXTwgPLdcbrJMtLZ4FTyOkqkrijMHAiBPTsBJc+brJMtLZ4FTyOkqkrijMH:NIFErLdcb46ByOkyMHLBrKpb46ByOkyG

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2956	d6b61543939ea364f0bab55f0e67b858.exe

Executes dropped EXE 1 IoCs

pid	Process
2956	d6b61543939ea364f0bab55f0e67b858.exe

Loads dropped DLL 1 IoCs

pid	Process
772	d6b61543939ea364f0bab55f0e67b858.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/772-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral1/files/0x000c0000000133a4-11.dat	upx
behavioral1/memory/2956-18-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
772	d6b61543939ea364f0bab55f0e67b858.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
772	d6b61543939ea364f0bab55f0e67b858.exe
2956	d6b61543939ea364f0bab55f0e67b858.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 772 wrote to memory of 2956	772	d6b61543939ea364f0bab55f0e67b858.exe	28
PID 772 wrote to memory of 2956	772	d6b61543939ea364f0bab55f0e67b858.exe	28
PID 772 wrote to memory of 2956	772	d6b61543939ea364f0bab55f0e67b858.exe	28
PID 772 wrote to memory of 2956	772	d6b61543939ea364f0bab55f0e67b858.exe	28

\Users\Admin\AppData\Local\Temp\d6b61543939ea364f0bab55f0e67b858.exe

Filesize
5.3MB

MD5
4b3c00ab6109a2c9ebd9f82b3c29bdfb

SHA1
36f8bbad292ae0fa7cb38b9c66daf0d3040763a1

SHA256
b660c27c2959f3346d549135d451c7535c8ed1744d25597a429ab2006bb92215

SHA512
0a333724fd4f13eac41254fb476d5fa426a1153d0bf364d5bdf8c564ff19121a5a6228553f73b1a001b7070fe2b0db2d07f42a53b9c7ae798be42681cf749aa1

Download Submit
memory/772-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/772-2-0x0000000001A60000-0x0000000001B72000-memory.dmp

Filesize
1.1MB

Download
memory/772-1-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/772-16-0x0000000003D80000-0x00000000041EA000-memory.dmp

Filesize
4.4MB

Download
memory/772-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/772-26-0x0000000003D80000-0x00000000041EA000-memory.dmp

Filesize
4.4MB

Download
memory/2956-18-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2956-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2956-20-0x0000000000130000-0x0000000000242000-memory.dmp

Filesize
1.1MB

Download
memory/2956-27-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download