1320832efe50a9460ca535fa8f490194000140a8cde567d2e8f20125a560146e

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 11:05

Target

df030e0a13ed757fba1466a26f1ddb74.exe
Size

1.5MB
MD5

df030e0a13ed757fba1466a26f1ddb74
SHA1

d42eabac3f7090f5306636291c2a7ad1abf07cf3
SHA256

1320832efe50a9460ca535fa8f490194000140a8cde567d2e8f20125a560146e
SHA512

4eb5bf179bb5b0e646f361333dedd72e75166328303b39f945dea98ef9cb473e81188d15bffdefbfc8dc5e06488f702ba17fc7f92ef95c416671d8e767749b87
SSDEEP

24576:HIGb7ulgWb0OKXW6RJWxeIL13WXI1ib6cD0uosK8nYO2Cru6awqSdjU1YAW:HHb7o9hf6RJWxxF1ib6sbKiu6awxdj2n

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2512	df030e0a13ed757fba1466a26f1ddb74.exe

Executes dropped EXE 1 IoCs

pid	Process
2512	df030e0a13ed757fba1466a26f1ddb74.exe

Loads dropped DLL 1 IoCs

pid	Process
1692	df030e0a13ed757fba1466a26f1ddb74.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1692-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral1/files/0x000b000000012254-10.dat	upx
behavioral1/memory/2512-17-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1692	df030e0a13ed757fba1466a26f1ddb74.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1692	df030e0a13ed757fba1466a26f1ddb74.exe
2512	df030e0a13ed757fba1466a26f1ddb74.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 2512	1692	df030e0a13ed757fba1466a26f1ddb74.exe	28
PID 1692 wrote to memory of 2512	1692	df030e0a13ed757fba1466a26f1ddb74.exe	28
PID 1692 wrote to memory of 2512	1692	df030e0a13ed757fba1466a26f1ddb74.exe	28
PID 1692 wrote to memory of 2512	1692	df030e0a13ed757fba1466a26f1ddb74.exe	28

\Users\Admin\AppData\Local\Temp\df030e0a13ed757fba1466a26f1ddb74.exe

Filesize
1.5MB

MD5
5c48c4428d509224ec18428eab009888

SHA1
25b04a9f4084add804151a3490395f1351fbd7bd

SHA256
f0b12425e7e11f9ff52b52dd01f9628bba03208942a44b84b01018aa8c5dbd04

SHA512
baeaabcc1ee87be7c2298cd2be9f6b0dd6cc97dc0c02841fd1b26868cc2958b47b61b8cbf7abdf9df41de6c622b9825f17cd2a1e1ef30bb96d70325eb26379c8

Download Submit
memory/1692-1-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1692-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1692-3-0x0000000000130000-0x0000000000263000-memory.dmp

Filesize
1.2MB

Download
memory/1692-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1692-15-0x0000000003510000-0x00000000039FF000-memory.dmp

Filesize
4.9MB

Download
memory/2512-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2512-18-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2512-19-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2512-25-0x0000000003570000-0x000000000379A000-memory.dmp

Filesize
2.2MB

Download
memory/2512-24-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2512-32-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download