f6c80cf8dd7cee15dbdc84e551e37c79c88ab6dceb097b625716c645be261da5

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 15:13

Target

65553f6ca3ccf1a342f936a2b3256190N.exe
Size

9.3MB
MD5

65553f6ca3ccf1a342f936a2b3256190
SHA1

cb9e7da4d9ad902e49f1c12d69f945203d955f3e
SHA256

f6c80cf8dd7cee15dbdc84e551e37c79c88ab6dceb097b625716c645be261da5
SHA512

45e3c5af91bf8b1c5320d33aea1f398048876b7ce6906085fa013e5798e5ea43def72d3c41b11541361cb9ea10d979f565aef5453d32f489ad9ca44b0df60c00
SSDEEP

196608:XhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhA:u

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
1980	svrwsc.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3068-0-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral1/files/0x0007000000012119-4.dat	upx
behavioral1/memory/1980-5-0x0000000000400000-0x000000000042B000-memory.dmp	upx
behavioral1/memory/1980-6-0x0000000000400000-0x000000000042B000-memory.dmp	upx

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\svrwsc.exe	65553f6ca3ccf1a342f936a2b3256190N.exe
File created	C:\Windows\SysWOW64\svrwsc.exe	svrwsc.exe

C:\Users\Admin\AppData\Local\Temp\65553f6ca3ccf1a342f936a2b3256190N.exe
"C:\Users\Admin\AppData\Local\Temp\65553f6ca3ccf1a342f936a2b3256190N.exe"
1⤵
- Drops file in System32 directory
PID:3068

C:\Windows\SysWOW64\svrwsc.exe

Filesize
9.7MB

MD5
f70c9280ccd317fd34b8c13b2ff920f8

SHA1
edb9ea5d3428cdad4f3be5bc829343552ce8ca33

SHA256
49da597cf4e54c1dadf86f96c187261b89683216dfd0088419d0a6a7653df731

SHA512
d8830d6d8dbd62e84ea73b36a549b524268dd5403246242cdd52cfaec919551537119868d110aee029c668a856fbe5572e1354c5e92e212e3454e82dc427f227

Download Submit
memory/1980-5-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1980-8-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1980-6-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3068-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3068-1-0x00000000003B0000-0x00000000003B5000-memory.dmp

Filesize
20KB

Download
memory/3068-2-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3068-9-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download