9dea4f44576f7f6cef409b36a3f6ac9e72d4ab08227c871998354f3799908c93

Analysis

max time kernel
151s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 01:23

Target

09f8cf217dc29001a8a1d8793623dd5e.exe
Size

59KB
MD5

09f8cf217dc29001a8a1d8793623dd5e
SHA1

c183acecbc41b9fde109b9544443ba83e6eb7ea6
SHA256

9dea4f44576f7f6cef409b36a3f6ac9e72d4ab08227c871998354f3799908c93
SHA512

12e8f3d67761edd59a5ff338ce81a423697daca9172326e277ec1a27bc10f3235666c2a0cfe306e08c04ffb6b5e509eaf78e3fd15b02c1060e7c8acb385251e5
SSDEEP

1536:hLUozsYU7HQtIP3BpgfasJ65xaZVwFFJhmze0GsVPCv/Sg:hwMsYAQuP3BpgiwWxSwnJhE9VPES

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2812	09f8cf217dc29001a8a1d8793623dd5e.exe

Executes dropped EXE 1 IoCs

pid	Process
2812	09f8cf217dc29001a8a1d8793623dd5e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1388-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x0007000000023200-11.dat	upx
behavioral2/memory/2812-13-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1388	09f8cf217dc29001a8a1d8793623dd5e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1388	09f8cf217dc29001a8a1d8793623dd5e.exe
2812	09f8cf217dc29001a8a1d8793623dd5e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 2812	1388	09f8cf217dc29001a8a1d8793623dd5e.exe	91
PID 1388 wrote to memory of 2812	1388	09f8cf217dc29001a8a1d8793623dd5e.exe	91
PID 1388 wrote to memory of 2812	1388	09f8cf217dc29001a8a1d8793623dd5e.exe	91

C:\Users\Admin\AppData\Local\Temp\09f8cf217dc29001a8a1d8793623dd5e.exe

Filesize
59KB

MD5
0812678ba6ef08159075d7f4083d9862

SHA1
f619e37dd217bd4b26896709364d9ac372a9c524

SHA256
3e08be4a93e8b34ffaf73c6001a5133da45b79931e0db8e8d564a07ca12e996c

SHA512
c8da3b5e42d47a0f7e564557611b21c833cce8f926a0e7bfc3db903650018ece3a03cb0660bea3d57dbbc24432e06ca82edb85c9956e297fb38f3fa0f0813fb1

Download Submit
memory/1388-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1388-1-0x0000000000190000-0x000000000019F000-memory.dmp

Filesize
60KB

Download
memory/1388-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1388-12-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2812-13-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2812-14-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2812-16-0x00000000000C0000-0x00000000000CF000-memory.dmp

Filesize
60KB

Download
memory/2812-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2812-25-0x00000000001D0000-0x00000000001ED000-memory.dmp

Filesize
116KB

Download
memory/2812-26-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download