898b92b4faaa6403e96d7e4177990d62e59e734fb02be83a7de654b428879a9c

Analysis

max time kernel
170s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 12:57

Target

9374ca415443e99ad29fd646b4ab6312.exe
Size

353KB
MD5

9374ca415443e99ad29fd646b4ab6312
SHA1

c3ac1b6fbd17eef29158ddce3455c1789e8617f4
SHA256

898b92b4faaa6403e96d7e4177990d62e59e734fb02be83a7de654b428879a9c
SHA512

49878aa18d83adce7ce82e55343e295adade3ba74335d986c9a0a6d76e9323844353e12df27c5933749d95bcfa7ef453c55637c7c04227d90976dcbe94c83538
SSDEEP

6144:H5xAZ2q3eaisJ3+w9auAB723qd2x2AXXuuVSUnj41/YdxfsLPrPwo+:IaTYuw9aBWeA2L1Unj4VYTfmE

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4812	9374ca415443e99ad29fd646b4ab6312.exe

Executes dropped EXE 1 IoCs

pid	Process
4812	9374ca415443e99ad29fd646b4ab6312.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4988-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/files/0x000600000001e71b-12.dat	upx
behavioral2/memory/4812-13-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4988	9374ca415443e99ad29fd646b4ab6312.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4988	9374ca415443e99ad29fd646b4ab6312.exe
4812	9374ca415443e99ad29fd646b4ab6312.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 4812	4988	9374ca415443e99ad29fd646b4ab6312.exe	88
PID 4988 wrote to memory of 4812	4988	9374ca415443e99ad29fd646b4ab6312.exe	88
PID 4988 wrote to memory of 4812	4988	9374ca415443e99ad29fd646b4ab6312.exe	88

C:\Users\Admin\AppData\Local\Temp\9374ca415443e99ad29fd646b4ab6312.exe

Filesize
353KB

MD5
d95f39f75ccbf99fca5795294a258cb7

SHA1
7d2736b466c1019db168f847292bdda9017a59f3

SHA256
6db020d98c53a293b507cec91d0ffdd864102e205d115eff20ce6179c3c7ec60

SHA512
907412fd47599b74b1a7762dfd856b91f128a26f64f257fe834e163766059e42a510d68160f3949a86b8485e9b514e934d254c0e6a0f3c95dda6e6369bff5a7e

Download Submit
memory/4812-13-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/4812-15-0x0000000000110000-0x0000000000143000-memory.dmp

Filesize
204KB

Download
memory/4812-16-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4812-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4812-22-0x00000000004B0000-0x0000000000500000-memory.dmp

Filesize
320KB

Download
memory/4812-28-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/4988-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/4988-1-0x0000000001620000-0x0000000001653000-memory.dmp

Filesize
204KB

Download
memory/4988-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4988-14-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download