4e362f672bf9e0cd9a7310db8e782e41481d85af7e1584ede9ed8bcd2202ac14

Analysis

max time kernel
140s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 16:55

Target

f9a0aef23e5614d1ca6fab9dca920f76.exe
Size

2.9MB
MD5

f9a0aef23e5614d1ca6fab9dca920f76
SHA1

c7f8316d870f3f071ed3a7c3cac365fa1feaf24e
SHA256

4e362f672bf9e0cd9a7310db8e782e41481d85af7e1584ede9ed8bcd2202ac14
SHA512

dc29a2d573a4ce5dbc211567e9b43bb52993bc286ffee551b280bcd6d9a48b80c3807ae25bf3a55ad34c9621410f40a33100e6a94c8b54af69415ecf0c128d23
SSDEEP

49152:u0UW6r6EEBpm62YOpFdzzk/6l+pFZesReo/xEcOvlzBfeL/O/LcaL/yVE:u0UbGEpY4FVzk/6l+pFZfN/xevdB+OIG

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3804	f9a0aef23e5614d1ca6fab9dca920f76.exe

Executes dropped EXE 1 IoCs

pid	Process
3804	f9a0aef23e5614d1ca6fab9dca920f76.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1876-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023205-11.dat	upx
behavioral2/memory/3804-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1876	f9a0aef23e5614d1ca6fab9dca920f76.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1876	f9a0aef23e5614d1ca6fab9dca920f76.exe
3804	f9a0aef23e5614d1ca6fab9dca920f76.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1876 wrote to memory of 3804	1876	f9a0aef23e5614d1ca6fab9dca920f76.exe	91
PID 1876 wrote to memory of 3804	1876	f9a0aef23e5614d1ca6fab9dca920f76.exe	91
PID 1876 wrote to memory of 3804	1876	f9a0aef23e5614d1ca6fab9dca920f76.exe	91

C:\Users\Admin\AppData\Local\Temp\f9a0aef23e5614d1ca6fab9dca920f76.exe

Filesize
335KB

MD5
738ab79f281666d40d6c8a5f306e8b05

SHA1
cd365de695ccc1967342e465b51c990fe89d550c

SHA256
79c7f9e5120c092df39fd9612f18c025fea6d126e82611c25706def9c82e2781

SHA512
d09a2060fe7e7dd4f5ee8ee5e8d95f009d9cf130ab84f4c02e130951fc8e50d2dd7679f3865d7be0d7efb3047b6b046eba1f52498a67729bd32e529b76774679

Download Submit
memory/1876-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1876-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1876-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1876-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3804-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3804-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3804-15-0x0000000001DE0000-0x0000000001F13000-memory.dmp

Filesize
1.2MB

Download
memory/3804-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3804-20-0x00000000056E0000-0x000000000590A000-memory.dmp

Filesize
2.2MB

Download
memory/3804-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download