20e11dc4046f6fd5e5013684e5663a37d3e0bc7da1895d81e3b27426f2c44eb8

Analysis

max time kernel
149s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 20:38

Target

035ba4837bf9df3cb02ab60942704b27.exe
Size

9.1MB
MD5

035ba4837bf9df3cb02ab60942704b27
SHA1

e2e4527430dabcb2b316f9c2a84411e737655dbf
SHA256

20e11dc4046f6fd5e5013684e5663a37d3e0bc7da1895d81e3b27426f2c44eb8
SHA512

2ea4a74aa1e98f4365b0d3a5d79346ab717db76e5f6be21177a07a9e8be7c652785d546c81302448c6a04e1634f2e1ccd5341019c8368dc20d51993892fafda5
SSDEEP

196608:byM3DqJrSFLgl/iBYJa7QSVtzItgl/iB+B2mgl/iBYJa7QSVtzItgl/iB0:b5uJmFL2i+aUSm2ioX2i+aUSm2i0

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2332	035ba4837bf9df3cb02ab60942704b27.exe

Executes dropped EXE 1 IoCs

pid	Process
2332	035ba4837bf9df3cb02ab60942704b27.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2032-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/2332-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000200000001fafe-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2032	035ba4837bf9df3cb02ab60942704b27.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2032	035ba4837bf9df3cb02ab60942704b27.exe
2332	035ba4837bf9df3cb02ab60942704b27.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2332	2032	035ba4837bf9df3cb02ab60942704b27.exe	29
PID 2032 wrote to memory of 2332	2032	035ba4837bf9df3cb02ab60942704b27.exe	29
PID 2032 wrote to memory of 2332	2032	035ba4837bf9df3cb02ab60942704b27.exe	29

C:\Users\Admin\AppData\Local\Temp\035ba4837bf9df3cb02ab60942704b27.exe

Filesize
18KB

MD5
2896f6fb22e0972b3ebe6c6529baee6b

SHA1
8c515d58c161e1f97eba1b3e0f96b3c4bfe3141a

SHA256
a2fecdd09db012a6880a8cd53c4ef3803342594ac469dabee5dd1010bee0d97a

SHA512
5b03546413a357b57fa2fcb3a70b31d23e31ab8cb394a81ac3fb9b5f04f13d5a2be8d7d2734f4d8d78a8e2504f31b3b560184f5832bb098ac6327a045ca3c366

Download Submit
memory/2032-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2032-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2032-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2032-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2332-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-15-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/2332-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2332-22-0x0000000005620000-0x000000000584A000-memory.dmp

Filesize
2.2MB

Download
memory/2332-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download