934467558c7f5e524f1b60b4c7489276d04511d418899f90203f08ca4a64ea9b

Analysis

max time kernel
130s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 13:51

Target

afc4f96b05b7bca79e6440bdd04ab7ce.exe
Size

2.7MB
MD5

afc4f96b05b7bca79e6440bdd04ab7ce
SHA1

eaa5b45e298d9216f66ab9d86d3c9edac0f3fad3
SHA256

934467558c7f5e524f1b60b4c7489276d04511d418899f90203f08ca4a64ea9b
SHA512

427b6d8129848327fc2f87e04b365238a026c344960fccdfe9a23b564dc6eaf812ae9dffee3d1b0a09127fd785ff61f4c909eacb1639cbd86a87d980c645e1f5
SSDEEP

49152:G5514GLst9MHGk5/P/TNbmAVffrZolfWyIReJ6Sp6jpwjSe6VMq5a0a9Srf:O52JmGk5/P/ZmAVnrZolTYSINmwe0Awf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3584	afc4f96b05b7bca79e6440bdd04ab7ce.exe

Executes dropped EXE 1 IoCs

pid	Process
3584	afc4f96b05b7bca79e6440bdd04ab7ce.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1980-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002322b-12.dat	upx
behavioral2/memory/3584-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1980	afc4f96b05b7bca79e6440bdd04ab7ce.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1980	afc4f96b05b7bca79e6440bdd04ab7ce.exe
3584	afc4f96b05b7bca79e6440bdd04ab7ce.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1980 wrote to memory of 3584	1980	afc4f96b05b7bca79e6440bdd04ab7ce.exe	89
PID 1980 wrote to memory of 3584	1980	afc4f96b05b7bca79e6440bdd04ab7ce.exe	89
PID 1980 wrote to memory of 3584	1980	afc4f96b05b7bca79e6440bdd04ab7ce.exe	89

C:\Users\Admin\AppData\Local\Temp\afc4f96b05b7bca79e6440bdd04ab7ce.exe

Filesize
186KB

MD5
ce0f847d08ab74879a969faa497d91ef

SHA1
627d309e0d3ccc0155aee72b8020abc4761ed399

SHA256
ee2f51ba398b6f9c39b61b7623dfc67b0b18c47da76c4229a29a450231871b18

SHA512
86ce3d58e88074efc8a6548c62e0d50486e3e20f5157051c113f2dc102a8794db9d6b8be8a7bafb966a50d1cfdec68c338e6c84031d54ee3689cca2ba18a500e

Download Submit
memory/1980-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1980-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1980-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1980-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3584-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3584-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3584-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3584-21-0x0000000005540000-0x000000000576A000-memory.dmp

Filesize
2.2MB

Download
memory/3584-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3584-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download