9b726eaea828875a76edecdb76563e57c16e5302cf7cf7983baa058915b8fa97

Analysis

max time kernel
147s
max time network
83s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 17:33

Target

08a9d37ad87d7f5f0048e3cb26436a5c.exe
Size

1010KB
MD5

08a9d37ad87d7f5f0048e3cb26436a5c
SHA1

9f47aa53901735f012409618ab57a08a026f2b93
SHA256

9b726eaea828875a76edecdb76563e57c16e5302cf7cf7983baa058915b8fa97
SHA512

35aca76060c41fe5373325b6bb1574ff3b856eaafdd423b41541b09fc698b443b6c12ed1e7b8d8115d174dfaa4da735d0430ed2b0281bc5ff61bbd4fee65ad90
SSDEEP

12288:9yBqSDUCa48MZUP+YTfmQOohSdgSH1KTAOPBo3+zHYTfm:kD4ehmfBhShH1EAemf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2712	08a9d37ad87d7f5f0048e3cb26436a5c.exe

Executes dropped EXE 1 IoCs

pid	Process
2712	08a9d37ad87d7f5f0048e3cb26436a5c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2984-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/memory/2712-13-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/files/0x000e00000002314b-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2984	08a9d37ad87d7f5f0048e3cb26436a5c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2984	08a9d37ad87d7f5f0048e3cb26436a5c.exe
2712	08a9d37ad87d7f5f0048e3cb26436a5c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2712	2984	08a9d37ad87d7f5f0048e3cb26436a5c.exe	18
PID 2984 wrote to memory of 2712	2984	08a9d37ad87d7f5f0048e3cb26436a5c.exe	18
PID 2984 wrote to memory of 2712	2984	08a9d37ad87d7f5f0048e3cb26436a5c.exe	18

C:\Users\Admin\AppData\Local\Temp\08a9d37ad87d7f5f0048e3cb26436a5c.exe

Filesize
19KB

MD5
0cc276fb67bcd076c2e8577acece324b

SHA1
f77da7fe235684fd4fb37e26aed671822781adc0

SHA256
5a87e761bace49a5b8251a85561f517aeff86c495d4e4529ac2961174f37aac1

SHA512
c96190bae1baff1ff6b7832ca4c19ac800d4b0965c66f794d74ee672d27e0ecf655803488d7f22f59604102e1f32cf416d3f72015abbba7d5e4777c37e4d0ef6

Download Submit
memory/2712-21-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/2712-23-0x0000000001500000-0x0000000001550000-memory.dmp

Filesize
320KB

Download
memory/2712-16-0x0000000000150000-0x0000000000183000-memory.dmp

Filesize
204KB

Download
memory/2712-15-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2712-13-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2712-28-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2984-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/2984-1-0x0000000001500000-0x0000000001533000-memory.dmp

Filesize
204KB

Download
memory/2984-14-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2984-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download