caf4ce8ac1f76a077348d5533d6f9e0129756a0c766abc292f5c0dcfa040c53a

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 20:09

Target

02a2ba4c8321fd36d5d22b20f4fcbfd2.exe
Size

5.8MB
MD5

02a2ba4c8321fd36d5d22b20f4fcbfd2
SHA1

194d071ba3eb9e1d568954fd0c9014c2a4db4c68
SHA256

caf4ce8ac1f76a077348d5533d6f9e0129756a0c766abc292f5c0dcfa040c53a
SHA512

5ec4a1ccf624298dda316a99841cc42bb7a0655440f64f7c0bf1cc111a0176dce427e72ba6a51a53c50df068cfd5a2503c74773e0b44c8ca68a72b421836508a
SSDEEP

98304:L7TgIIr7RICdvI2o7ugg3gnl/IVUs1jePsHjYrhRNm7yEzgg3gnl/IVUs1jePs:bgIItvo7agl/iBiPwakLpgl/iBiP

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
372	02a2ba4c8321fd36d5d22b20f4fcbfd2.exe

Executes dropped EXE 1 IoCs

pid	Process
372	02a2ba4c8321fd36d5d22b20f4fcbfd2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3076-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/372-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000b000000023161-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3076	02a2ba4c8321fd36d5d22b20f4fcbfd2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3076	02a2ba4c8321fd36d5d22b20f4fcbfd2.exe
372	02a2ba4c8321fd36d5d22b20f4fcbfd2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3076 wrote to memory of 372	3076	02a2ba4c8321fd36d5d22b20f4fcbfd2.exe	34
PID 3076 wrote to memory of 372	3076	02a2ba4c8321fd36d5d22b20f4fcbfd2.exe	34
PID 3076 wrote to memory of 372	3076	02a2ba4c8321fd36d5d22b20f4fcbfd2.exe	34

C:\Users\Admin\AppData\Local\Temp\02a2ba4c8321fd36d5d22b20f4fcbfd2.exe

Filesize
298KB

MD5
0ae30b800782966b220a2dceaebff114

SHA1
ea8b56fd6ddf9e540df3d40014e154b2264062fa

SHA256
d993624daa559e53e866b4836febc22b54a98b7c749b9697e8292d75f9fee9fd

SHA512
398e6df85a65b226b6f3c9cdb564d020e249ab1363480694c731e7e40244fdfd6f9e5cc24cf7f0b7e0781e054e30c4ced81865429fc7d8f8377e62f1a6de918b

Download Submit
memory/372-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/372-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/372-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/372-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/372-21-0x00000000055C0000-0x00000000057EA000-memory.dmp

Filesize
2.2MB

Download
memory/372-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3076-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3076-1-0x0000000001CA0000-0x0000000001DD3000-memory.dmp

Filesize
1.2MB

Download
memory/3076-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3076-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download