e7bb10729fe0462d1b521ed8efeac738aed367d38d5c2df7f30f41cbe3bd2596

Analysis

max time kernel
142s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:47

Target

090546ade6c8ce24e9088a6c94d85870.exe
Size

1.3MB
MD5

090546ade6c8ce24e9088a6c94d85870
SHA1

22901cb3a6134b3218d769446e49b910cf061cae
SHA256

e7bb10729fe0462d1b521ed8efeac738aed367d38d5c2df7f30f41cbe3bd2596
SHA512

6865e33b0a6b3dbcd4fb32e1582ae3d02faaa00f843415011983d0245568cc7ba12c4cc1ed55c66f3118780f843f3670142caf7ed6a7adb3e708b9584fb2454a
SSDEEP

24576:ACEgTAGecr8ILPc5AEF8PYH6Gvz9DP2x1IVUuk8zAXHbrwHEWc:7AGrHo5AEF8rGvz9rS1IVUz8zAXBp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3336	090546ade6c8ce24e9088a6c94d85870.exe

Executes dropped EXE 1 IoCs

pid	Process
3336	090546ade6c8ce24e9088a6c94d85870.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1832-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023247-11.dat	upx
behavioral2/memory/3336-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1832	090546ade6c8ce24e9088a6c94d85870.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1832	090546ade6c8ce24e9088a6c94d85870.exe
3336	090546ade6c8ce24e9088a6c94d85870.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 3336	1832	090546ade6c8ce24e9088a6c94d85870.exe	86
PID 1832 wrote to memory of 3336	1832	090546ade6c8ce24e9088a6c94d85870.exe	86
PID 1832 wrote to memory of 3336	1832	090546ade6c8ce24e9088a6c94d85870.exe	86

C:\Users\Admin\AppData\Local\Temp\090546ade6c8ce24e9088a6c94d85870.exe

Filesize
1.3MB

MD5
33df96f3ceb6f5d8dbef1e735c7a3b92

SHA1
902d9ac093d6cab1844ac05eb5faf28fd3ee0025

SHA256
441cc472f36b56ade2b6d7fd09645f178370cce498385c7d1f4fb15bb67e444c

SHA512
3387920b9e45debbfa93983159e4a00283e784aacb3e7f6aa3983625fcd1a8d530f60e89fb4110ae62bf12197baee4fea4d9518937cc9bb8d1bef1ad9ad01def

Download Submit
memory/1832-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1832-1-0x0000000001D60000-0x0000000001E93000-memory.dmp

Filesize
1.2MB

Download
memory/1832-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1832-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3336-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3336-15-0x0000000001DD0000-0x0000000001F03000-memory.dmp

Filesize
1.2MB

Download
memory/3336-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3336-21-0x00000000056D0000-0x00000000058FA000-memory.dmp

Filesize
2.2MB

Download
memory/3336-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3336-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download