96fcbc2e18d19567891dbd27a6a8311a61b7536840bf054fe955eacd8a35ad8a

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 19:56

Target

39a0ca7b4198b9d9088d872a0892f257.exe
Size

2.9MB
MD5

39a0ca7b4198b9d9088d872a0892f257
SHA1

42500866dc49adc341452c9b190cea9f9a4af13c
SHA256

96fcbc2e18d19567891dbd27a6a8311a61b7536840bf054fe955eacd8a35ad8a
SHA512

c82ebfb4cbd24c831eed43ec2e1a80931f8c00900b1b302b00677ec11054a7dcd428fc4ea6ecb449fa78f515a99a411dc23c6a1ec1c725448672618dcb886346
SSDEEP

49152:XGTi2j0z86jSeVFLU3l0QmXcDgfC3p4N74NH5HUyNRcUsCVOzetdZJ:WT5j0MeVK3GNRmi4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2616	39a0ca7b4198b9d9088d872a0892f257.exe

Executes dropped EXE 1 IoCs

pid	Process
2616	39a0ca7b4198b9d9088d872a0892f257.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1360-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023225-11.dat	upx
behavioral2/memory/2616-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1360	39a0ca7b4198b9d9088d872a0892f257.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1360	39a0ca7b4198b9d9088d872a0892f257.exe
2616	39a0ca7b4198b9d9088d872a0892f257.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 2616	1360	39a0ca7b4198b9d9088d872a0892f257.exe	91
PID 1360 wrote to memory of 2616	1360	39a0ca7b4198b9d9088d872a0892f257.exe	91
PID 1360 wrote to memory of 2616	1360	39a0ca7b4198b9d9088d872a0892f257.exe	91

C:\Users\Admin\AppData\Local\Temp\39a0ca7b4198b9d9088d872a0892f257.exe

Filesize
1.2MB

MD5
d89fb9f542b3c7a6ca0d5b3e11adb35d

SHA1
786d9c81b265938b314d394eec78c1ec4f59faca

SHA256
ea83932fd3d0728b81da13fc730ee19f514df9a54790de792b8175eddb97ac21

SHA512
28b17c8c301dee3596e5722276a89289d8cdf4dee2814ddf68a6408fbc841f0ab01100bb339a9e5b569c1ad4cd12b1decd981bae34ac6805b8d69230657b9b60

Download Submit
memory/1360-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1360-1-0x0000000001D80000-0x0000000001EB3000-memory.dmp

Filesize
1.2MB

Download
memory/1360-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1360-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2616-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2616-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2616-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2616-20-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/2616-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2616-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download