8333a861f70c2864d07741ddf3872777f1599fd22bd76a06c22e64db195db78c

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 15:11

Target

df7691cde6502804fa2f7ceae1133136.exe
Size

1.3MB
MD5

df7691cde6502804fa2f7ceae1133136
SHA1

45e6d344b9ec672e4e8f9c2c08c7636835ed0caf
SHA256

8333a861f70c2864d07741ddf3872777f1599fd22bd76a06c22e64db195db78c
SHA512

96ad20ef5ca1e0e31aa7c5ebc082ce050b9bbee46496adefcfce6fee5584fa68ee28589ea6dae3e3aaa79342bbf24811ad5909f155c14b943462c78beab3177b
SSDEEP

24576:KLl9Rl34Ma0PtBFoTz8J2gT1LwSlwiL45W96pt6TRU9/9Us:K59TTayuEZT1MS6i8J3R9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1504	df7691cde6502804fa2f7ceae1133136.exe

Executes dropped EXE 1 IoCs

pid	Process
1504	df7691cde6502804fa2f7ceae1133136.exe

Loads dropped DLL 1 IoCs

pid	Process
2276	df7691cde6502804fa2f7ceae1133136.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2276-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/files/0x00080000000122bf-12.dat	upx
behavioral1/memory/1504-17-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral1/memory/2276-13-0x00000000035B0000-0x0000000003A97000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2276	df7691cde6502804fa2f7ceae1133136.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2276	df7691cde6502804fa2f7ceae1133136.exe
1504	df7691cde6502804fa2f7ceae1133136.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 1504	2276	df7691cde6502804fa2f7ceae1133136.exe	28
PID 2276 wrote to memory of 1504	2276	df7691cde6502804fa2f7ceae1133136.exe	28
PID 2276 wrote to memory of 1504	2276	df7691cde6502804fa2f7ceae1133136.exe	28
PID 2276 wrote to memory of 1504	2276	df7691cde6502804fa2f7ceae1133136.exe	28

C:\Users\Admin\AppData\Local\Temp\df7691cde6502804fa2f7ceae1133136.exe

Filesize
1.3MB

MD5
13d3ec49a9ff281c0c20b5a467c64ad9

SHA1
253b4055fe571b58dbd6908ee672cb8d33d936b7

SHA256
7edf8f68c9580b2b53479bb2953196e7271349ba8e429cb3bcdd50762426a932

SHA512
eb687f23e0d059232c8c55b7392a0450671b7c592fd9f42ef4f2786e1b6783f3aa7c08648da28c7c7d8f11e5ad1782d45fb0e86e7ecf491f096e935341c128dd

Download Submit
memory/1504-17-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1504-16-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1504-19-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1504-23-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1504-24-0x0000000003550000-0x0000000003772000-memory.dmp

Filesize
2.1MB

Download
memory/1504-31-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2276-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2276-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2276-2-0x0000000000270000-0x00000000003A1000-memory.dmp

Filesize
1.2MB

Download
memory/2276-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2276-13-0x00000000035B0000-0x0000000003A97000-memory.dmp

Filesize
4.9MB

Download