cdb91b824093483d5775281248660b19fa8cb9b7a4ba293321d5a199c6b975bb

Analysis

max time kernel
199s
max time network
248s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 16:59

Target

fa31bf0900ade59a187edc03c6855d87.exe
Size

5.3MB
MD5

fa31bf0900ade59a187edc03c6855d87
SHA1

8c540a1d93e1f3abcf7fbddf7ab031c506b1bc92
SHA256

cdb91b824093483d5775281248660b19fa8cb9b7a4ba293321d5a199c6b975bb
SHA512

872a9e821dff1bf5a90c07e30fcae8f784f99da7eec08da030f6787285c71fb0552ced2c96c8b32ccee2086df8bcb1b0fa7244970fc175507dcb3f5ae9d5b9ef
SSDEEP

98304:p4vnhN+Tz+bchPSKwf1EdpS3W4eTz8caEto90yTXJf1EdpS3W4f:IghG1EnwWTTzlaEtoLTX91EnwW8

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3040	fa31bf0900ade59a187edc03c6855d87.exe

Executes dropped EXE 1 IoCs

pid	Process
3040	fa31bf0900ade59a187edc03c6855d87.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4892-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023205-13.dat	upx
behavioral2/memory/3040-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4892	fa31bf0900ade59a187edc03c6855d87.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4892	fa31bf0900ade59a187edc03c6855d87.exe
3040	fa31bf0900ade59a187edc03c6855d87.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 3040	4892	fa31bf0900ade59a187edc03c6855d87.exe	91
PID 4892 wrote to memory of 3040	4892	fa31bf0900ade59a187edc03c6855d87.exe	91
PID 4892 wrote to memory of 3040	4892	fa31bf0900ade59a187edc03c6855d87.exe	91

C:\Users\Admin\AppData\Local\Temp\fa31bf0900ade59a187edc03c6855d87.exe

Filesize
1.8MB

MD5
d4997c95a54c1ddaf0cf17039524d497

SHA1
215dda19b9fa94f62b94621a556c7f8833cc5f38

SHA256
ae9c576a025f220b0f658dd8b5022cff1ffea1b12100c9235e19897807e31b46

SHA512
e4120831f2e62975f5492e42c13e7a0abe8702bc7e64494228f4f130c53006709ee27c60643aeb1cdf83e9c55622b8eeb9dd7f2ec171abb8e464b8f4299f6955

Download Submit
memory/3040-16-0x0000000001D90000-0x0000000001EC3000-memory.dmp

Filesize
1.2MB

Download
memory/3040-17-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3040-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3040-22-0x0000000005690000-0x00000000058BA000-memory.dmp

Filesize
2.2MB

Download
memory/3040-23-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3040-30-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4892-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4892-1-0x0000000001E10000-0x0000000001F43000-memory.dmp

Filesize
1.2MB

Download
memory/4892-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4892-10-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4892-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download