3bf8f114cae4af01e2eb3a0f0ee13ebf678fdc039a7f92053f612cd1723b5269

Analysis

max time kernel
159s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:29

Target

0897fc15dab686aefb5ad0ef2a153aa8.exe
Size

2.4MB
MD5

0897fc15dab686aefb5ad0ef2a153aa8
SHA1

2ac7d1e589bd2d9d7970ebe004119bbadf88b4b4
SHA256

3bf8f114cae4af01e2eb3a0f0ee13ebf678fdc039a7f92053f612cd1723b5269
SHA512

d17a8a93da1dc1734d51f256661d7e452cfb50b5b2f573dd0f6da312d34223c8463fae8f3d91657f7d914335352b9d26a9a8075ad1773136539c408f0ffe7b29
SSDEEP

49152:w5mmc0Ng/j2tFwKZrae+jnYyrtxr1hTWZ29P4M338dB2IBlGuuDVUsdxxjr:WmmvNsatFWev0P1Iogg3gnl/IVUs1jr

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1400	0897fc15dab686aefb5ad0ef2a153aa8.exe

Executes dropped EXE 1 IoCs

pid	Process
1400	0897fc15dab686aefb5ad0ef2a153aa8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3368-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000200000001e7e4-12.dat	upx
behavioral2/memory/1400-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3368	0897fc15dab686aefb5ad0ef2a153aa8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3368	0897fc15dab686aefb5ad0ef2a153aa8.exe
1400	0897fc15dab686aefb5ad0ef2a153aa8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 1400	3368	0897fc15dab686aefb5ad0ef2a153aa8.exe	94
PID 3368 wrote to memory of 1400	3368	0897fc15dab686aefb5ad0ef2a153aa8.exe	94
PID 3368 wrote to memory of 1400	3368	0897fc15dab686aefb5ad0ef2a153aa8.exe	94

C:\Users\Admin\AppData\Local\Temp\0897fc15dab686aefb5ad0ef2a153aa8.exe

Filesize
2.4MB

MD5
f865af369e125176279ecc579cfded01

SHA1
7a2627be4daaa14ef33c52852558b42b59ac0766

SHA256
17bffc47933c633c825a9432a58a52f94e9764719b75964cce860e396b3e809f

SHA512
68f3d872a6fc3919357deb9c5c861a725584604cdd04ea41369f4e2707bda1b80bf524e66671fd6b053d7fbf7775a74e43100af495ce3742c9b3970744d53c95

Download Submit
memory/1400-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1400-15-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/1400-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1400-21-0x0000000005610000-0x000000000583A000-memory.dmp

Filesize
2.2MB

Download
memory/1400-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1400-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3368-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3368-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3368-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3368-10-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3368-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download