d6e93f2d4c6ff01a5ddfa549c7e997e312fe78dd07ab74746dd649ec69b98283

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 03:12

Target

d6e93f2d4c6ff01a5ddfa549c7e997e312fe78dd07ab74746dd649ec69b98283.exe
Size

83KB
MD5

7cc271d7401e55b348259ed696f2cb45
SHA1

f22076d2143db286da97e6e95437498a34116ca3
SHA256

d6e93f2d4c6ff01a5ddfa549c7e997e312fe78dd07ab74746dd649ec69b98283
SHA512

264cbbde8bf9f7d2ca7c1f76766b9a2475dd7c56e42c158a90e289955be86bbe1273ed2bb98e99168e0483ae35c024ead0a1e49c0ac77027a9a608712013fe2a
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+oK:LJ0TAz6Mte4A+aaZx8EnCGVuo

Score

9^/10

upx

UPX dump on OEP (original entry point) 7 IoCs

resource	yara_rule
behavioral1/memory/2244-0-0x0000000000400000-0x000000000042A000-memory.dmp	UPX
behavioral1/memory/2244-1-0x0000000000400000-0x000000000042A000-memory.dmp	UPX
behavioral1/memory/2244-7-0x0000000000400000-0x000000000042A000-memory.dmp	UPX
behavioral1/files/0x0004000000004ed7-11.dat	UPX
behavioral1/memory/2244-14-0x0000000000400000-0x000000000042A000-memory.dmp	UPX
behavioral1/memory/2244-21-0x0000000000400000-0x000000000042A000-memory.dmp	UPX
behavioral1/memory/2244-28-0x0000000000400000-0x000000000042A000-memory.dmp	UPX

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2244-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2244-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2244-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-11.dat	upx
behavioral1/memory/2244-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2244-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/2244-28-0x0000000000400000-0x000000000042A000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\d6e93f2d4c6ff01a5ddfa549c7e997e312fe78dd07ab74746dd649ec69b98283.exe
"C:\Users\Admin\AppData\Local\Temp\d6e93f2d4c6ff01a5ddfa549c7e997e312fe78dd07ab74746dd649ec69b98283.exe"
1⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\rifaien2-npRSbEhv9ASSldp7.exe

Filesize
83KB

MD5
76313aaa6a19d39c875d909243c3ebde

SHA1
79f0128321ed7254530082d3efe77270b3919105

SHA256
147f6e4eac404a42fd5b9f24d0a28cc244bd55f554262d1af80a6d41e7261561

SHA512
0e270d8566bc9067a31f6ff51daa2164bde129c4ce3da3f33ea0900d6564b3813a9c96e5be57485832ee5cb5bbbc93ccabfb54b859e3f95fb024e796d30bdc8e

Download Submit
memory/2244-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2244-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2244-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2244-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2244-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2244-28-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download