8a77c8eb7a429060d5abdc9082adadc71a3a3b24fda892d9188d95610776afb1

Analysis

max time kernel
152s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 13:56

Target

2388ef6542cb8646bddb14ef355a6ee3.exe
Size

56KB
MD5

2388ef6542cb8646bddb14ef355a6ee3
SHA1

d11153d61dfdd41453b9329397a6ebdc93ea43d4
SHA256

8a77c8eb7a429060d5abdc9082adadc71a3a3b24fda892d9188d95610776afb1
SHA512

b2598683920ed4526e1f6f4fde8d5578cac20a996a87db37738dd0f57d19d3bf41fea7b1a05653ee337ee4dd5b7474ae59d791040a7b158d149b15bf262b1c7b
SSDEEP

1536:In/F5zEmHs9a6h6B2BlaD9ApWGSx2jSUjmiG0sy8G0aqM:I//BHs9jg4WijjJV8r

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4836	2388ef6542cb8646bddb14ef355a6ee3.exe

Executes dropped EXE 1 IoCs

pid	Process
4836	2388ef6542cb8646bddb14ef355a6ee3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2752-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/memory/4836-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0006000000023227-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2752	2388ef6542cb8646bddb14ef355a6ee3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2752	2388ef6542cb8646bddb14ef355a6ee3.exe
4836	2388ef6542cb8646bddb14ef355a6ee3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 4836	2752	2388ef6542cb8646bddb14ef355a6ee3.exe	92
PID 2752 wrote to memory of 4836	2752	2388ef6542cb8646bddb14ef355a6ee3.exe	92
PID 2752 wrote to memory of 4836	2752	2388ef6542cb8646bddb14ef355a6ee3.exe	92

C:\Users\Admin\AppData\Local\Temp\2388ef6542cb8646bddb14ef355a6ee3.exe

Filesize
56KB

MD5
cf5eb338f138530d81e4b54b0c4a9e45

SHA1
2500818b86202afc1f326b4bb162d0819f315792

SHA256
66a7b9a0d604275c65a2193ad714cb59e9a92c882120d0894c81520374402f7c

SHA512
0b5ddf0be20e31008ab3b770e374066180381da8512fbbf39e2833dfc51f4ab3484f79fcc995d76ae6bcac8268cae69dbd5061ab68cce29d5caadcb9423d09ae

Download Submit
memory/2752-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2752-1-0x00000000000E0000-0x00000000000EE000-memory.dmp

Filesize
56KB

Download
memory/2752-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2752-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4836-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4836-14-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4836-16-0x0000000000190000-0x000000000019E000-memory.dmp

Filesize
56KB

Download
memory/4836-25-0x00000000014C0000-0x00000000014DB000-memory.dmp

Filesize
108KB

Download
memory/4836-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4836-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download