270cba652159b60d3e885ce06cbff51ac9d581ad6fa2de1fb54bfafffed00e27

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 16:08

Target

e94216f8f4e893969a0e181a0ffa361c.exe
Size

11.7MB
MD5

e94216f8f4e893969a0e181a0ffa361c
SHA1

0d0307118a694f4395043340209cd069537a8624
SHA256

270cba652159b60d3e885ce06cbff51ac9d581ad6fa2de1fb54bfafffed00e27
SHA512

22738c769c33fde1674665755461be5b4826f76f930e4e67c20d8ce1cea887559937f1edc52c25b9dd964cc2d7230858291ab22e61c412a7f1788f5491c1badc
SSDEEP

196608:cQgQNPYGhRaaCkN9qHGhRaYu4i4Rh/PGhRaaCkN9qHGhRa:cONgOxzNEHO7uORFOxzNEHO

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
704	e94216f8f4e893969a0e181a0ffa361c.exe

Executes dropped EXE 1 IoCs

pid	Process
704	e94216f8f4e893969a0e181a0ffa361c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2376-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000231fc-11.dat	upx
behavioral2/memory/704-12-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2376	e94216f8f4e893969a0e181a0ffa361c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2376	e94216f8f4e893969a0e181a0ffa361c.exe
704	e94216f8f4e893969a0e181a0ffa361c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 704	2376	e94216f8f4e893969a0e181a0ffa361c.exe	91
PID 2376 wrote to memory of 704	2376	e94216f8f4e893969a0e181a0ffa361c.exe	91
PID 2376 wrote to memory of 704	2376	e94216f8f4e893969a0e181a0ffa361c.exe	91

C:\Users\Admin\AppData\Local\Temp\e94216f8f4e893969a0e181a0ffa361c.exe

Filesize
892KB

MD5
8bc1a9303f52b746c3e01e34f27c7be7

SHA1
90ae6cb566163e767301c8dfec0340ce3d6af2c4

SHA256
29ff1d9b00cb44e8d76bd9aa1f21e1e1ea412938773bba03b952aa6b4a8a8514

SHA512
a1c9f649ed1d56c63d142e068373e0906003affd602f476a5fc41e21863354838480f3fd01efe32126b7728c9694d11b1330861800d237195b69b29bd3dbb6f0

Download Submit
memory/704-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/704-15-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/704-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/704-20-0x0000000005640000-0x000000000586A000-memory.dmp

Filesize
2.2MB

Download
memory/704-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/704-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2376-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2376-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2376-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2376-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download