dc5d7cabda83e06baf3a77ec7cf3269734f4b58bafb608bacac9cfb6ce38deda

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 14:22

Target

bf04896f79ddb56541c7c6befd472639.exe
Size

2.7MB
MD5

bf04896f79ddb56541c7c6befd472639
SHA1

32f075233f54aa402e8acfdf7bdcbc2e9b3269a2
SHA256

dc5d7cabda83e06baf3a77ec7cf3269734f4b58bafb608bacac9cfb6ce38deda
SHA512

82b4c53f2686d996a79292a1a30123ba8abda3856383e1b1042d07cf9bebe7016a6c5c05c40b0105995a043a13aff3bea73018d4a1174c76988ab3d6195073e3
SSDEEP

49152:7DAcxecSc8yLwvDATR5mrmgUS5Gw2v10cInF6uKikMmybWw4UV2Pca:fABdlmwvDPUS5L617IFjEFzw9oP

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4412	bf04896f79ddb56541c7c6befd472639.exe

Executes dropped EXE 1 IoCs

pid	Process
4412	bf04896f79ddb56541c7c6befd472639.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/740-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral2/files/0x000700000002322d-13.dat	upx
behavioral2/memory/4412-14-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
740	bf04896f79ddb56541c7c6befd472639.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
740	bf04896f79ddb56541c7c6befd472639.exe
4412	bf04896f79ddb56541c7c6befd472639.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 4412	740	bf04896f79ddb56541c7c6befd472639.exe	88
PID 740 wrote to memory of 4412	740	bf04896f79ddb56541c7c6befd472639.exe	88
PID 740 wrote to memory of 4412	740	bf04896f79ddb56541c7c6befd472639.exe	88

C:\Users\Admin\AppData\Local\Temp\bf04896f79ddb56541c7c6befd472639.exe

Filesize
245KB

MD5
714e970306c937be5105536dc8438029

SHA1
8da72765972f0f11ce71413d63a64960672435d7

SHA256
94b4b74710103f76e133fd54691853ad8cf4897827756de3cb123950495ae123

SHA512
2868657afff7a4255b302ae8b6f379a5b576c6355ff1f1cf971fc4f7b3d36f75d0fcabb1faa2612b80f350d4e3f0da210791ac72b00a5bc05a39946282f56536

Download Submit
memory/740-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/740-1-0x0000000001C30000-0x0000000001D42000-memory.dmp

Filesize
1.1MB

Download
memory/740-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/740-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/4412-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/4412-16-0x0000000001C10000-0x0000000001D22000-memory.dmp

Filesize
1.1MB

Download
memory/4412-14-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/4412-24-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download