7bb98fdd96638816cd7484390dda47d66a3b361fcedad44d50da632b3a99e2ff

Analysis

max time kernel
158s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 20:41

Target

03711cbc7fe524b7d9a384a9801c92c9.exe
Size

353KB
MD5

03711cbc7fe524b7d9a384a9801c92c9
SHA1

276787e55c8010135bbf8fd7e7f7102c68b096d3
SHA256

7bb98fdd96638816cd7484390dda47d66a3b361fcedad44d50da632b3a99e2ff
SHA512

47429237097aac568b019806d41197f97caadd2a4def8108e40242793ad0a96fe324e468dfd26b6e9839e264d76c10141ecdf0fe7414100b6a46b3d3809073fa
SSDEEP

6144:74bMjIMHt7gOr2uKtjGRtG0eN6ALpWT8EnqYdxfsLPrPwo+:74kH5f+IeN/pWMYTfmE

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4412	03711cbc7fe524b7d9a384a9801c92c9.exe

Executes dropped EXE 1 IoCs

pid	Process
4412	03711cbc7fe524b7d9a384a9801c92c9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/344-0-0x0000000000400000-0x00000000004F1000-memory.dmp	upx
behavioral2/files/0x000200000001e7e1-11.dat	upx
behavioral2/memory/4412-13-0x0000000000400000-0x00000000004F1000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
344	03711cbc7fe524b7d9a384a9801c92c9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
344	03711cbc7fe524b7d9a384a9801c92c9.exe
4412	03711cbc7fe524b7d9a384a9801c92c9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 344 wrote to memory of 4412	344	03711cbc7fe524b7d9a384a9801c92c9.exe	93
PID 344 wrote to memory of 4412	344	03711cbc7fe524b7d9a384a9801c92c9.exe	93
PID 344 wrote to memory of 4412	344	03711cbc7fe524b7d9a384a9801c92c9.exe	93

C:\Users\Admin\AppData\Local\Temp\03711cbc7fe524b7d9a384a9801c92c9.exe

Filesize
353KB

MD5
ac0afe33c74a9bb7e8700a656efe33da

SHA1
0c2801ea66155d809abfdc80696aa08daccd5a3e

SHA256
469345527743c89d5e12831de3f8b6e35f5264b3eaae4685cb46ec731e264c3d

SHA512
a7546bcea42fba2a77cd5102eb115c89c9245b3ff319493fd0ac455a0b99338911032fc2c9fb98d8db2030e496ae486d50e234e980f4c44102a6d22f9546c845

Download Submit
memory/344-0-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/344-1-0x0000000000110000-0x0000000000143000-memory.dmp

Filesize
204KB

Download
memory/344-2-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/344-12-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4412-13-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download
memory/4412-14-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4412-15-0x0000000001500000-0x0000000001533000-memory.dmp

Filesize
204KB

Download
memory/4412-20-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4412-23-0x0000000001580000-0x00000000015D0000-memory.dmp

Filesize
320KB

Download
memory/4412-27-0x0000000000400000-0x00000000004F1000-memory.dmp

Filesize
964KB

Download