3becaf4fed494bc02348da10daa68a4d4e403055b566bfd85f705dae2a49fe27

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 20:27

Target

3becaf4fed494bc02348da10daa68a4d4e403055b566bfd85f705dae2a49fe27.exe
Size

83KB
MD5

9fcf11b241e487e53a499ec5fd54c821
SHA1

02aa0fee48ca114c484c184c8c5a0fff15e86d71
SHA256

3becaf4fed494bc02348da10daa68a4d4e403055b566bfd85f705dae2a49fe27
SHA512

ae3511abdfadd113cc9b2adbdafa6a2d54e125d0f5a24646976247ccb49466aa5a334389c0de7fa7369a09d2568a981fa3845000077efbea7e5d422d06db2abb
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+EK:LJ0TAz6Mte4A+aaZx8EnCGVuE

Score

9^/10

upx

UPX dump on OEP (original entry point) 7 IoCs

resource	yara_rule
behavioral1/memory/1984-0-0x0000000000400000-0x000000000042A000-memory.dmp	UPX
behavioral1/memory/1984-1-0x0000000000400000-0x000000000042A000-memory.dmp	UPX
behavioral1/memory/1984-7-0x0000000000400000-0x000000000042A000-memory.dmp	UPX
behavioral1/files/0x0004000000004ed7-11.dat	UPX
behavioral1/memory/1984-14-0x0000000000400000-0x000000000042A000-memory.dmp	UPX
behavioral1/memory/1984-21-0x0000000000400000-0x000000000042A000-memory.dmp	UPX
behavioral1/memory/1984-28-0x0000000000400000-0x000000000042A000-memory.dmp	UPX

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1984-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1984-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1984-7-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/files/0x0004000000004ed7-11.dat	upx
behavioral1/memory/1984-14-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1984-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1984-28-0x0000000000400000-0x000000000042A000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\3becaf4fed494bc02348da10daa68a4d4e403055b566bfd85f705dae2a49fe27.exe
"C:\Users\Admin\AppData\Local\Temp\3becaf4fed494bc02348da10daa68a4d4e403055b566bfd85f705dae2a49fe27.exe"
1⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\rifaien2-k4to136l0Wd1McAs.exe

Filesize
83KB

MD5
1fb7e50070ed1dd094e5bf3a62535bf0

SHA1
3a059677414c0df33e6b79dfebf4f02b60b5dfc9

SHA256
200dabfc0793aafa001b27095040cbb8f8f3982fb7bd684f29d5675e3b1d1657

SHA512
97cb2399b45749fed43f78389aace9cb627e3676d4c7e07143170dc739dfd96562ab259bf6f10a9149fcb2b45c7acfb0704deb37ba016858b4358077743bed32

Download Submit
memory/1984-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1984-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1984-7-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1984-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1984-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1984-28-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download