84b2a006d0aee5cdf8e4fdb4952c72ca57fd6a9f2840b5c72e806896270667c6

Analysis

max time kernel
180s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 01:59

Target

0aea37d0fdc65bccf7b0e13710dee246.exe
Size

1.6MB
MD5

0aea37d0fdc65bccf7b0e13710dee246
SHA1

70a5a7b39c9a281716617958388ae8043625ffbb
SHA256

84b2a006d0aee5cdf8e4fdb4952c72ca57fd6a9f2840b5c72e806896270667c6
SHA512

6211dfbb8fa2fd0b46bd189375fe69aecd82683f1d6d0a4c49bbb57f6357f80d3efec2fb718f73e3e5b0768b68f83bb5f5264b0b5e14ab0d4783a4bf945ee009
SSDEEP

24576:atMl5unlvZCGp94SPMiSvWERjD9liyaOvaP+h3J9xC1viWI0td:eFZsSk0nhOvaPe3HYgP4d

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3940	0aea37d0fdc65bccf7b0e13710dee246.exe

Executes dropped EXE 1 IoCs

pid	Process
3940	0aea37d0fdc65bccf7b0e13710dee246.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/944-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/3940-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023211-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
944	0aea37d0fdc65bccf7b0e13710dee246.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
944	0aea37d0fdc65bccf7b0e13710dee246.exe
3940	0aea37d0fdc65bccf7b0e13710dee246.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 3940	944	0aea37d0fdc65bccf7b0e13710dee246.exe	92
PID 944 wrote to memory of 3940	944	0aea37d0fdc65bccf7b0e13710dee246.exe	92
PID 944 wrote to memory of 3940	944	0aea37d0fdc65bccf7b0e13710dee246.exe	92

C:\Users\Admin\AppData\Local\Temp\0aea37d0fdc65bccf7b0e13710dee246.exe

Filesize
172KB

MD5
eea49cfe8dc5914c64774f6d3a72fabc

SHA1
91c8beb8213f12a42df03c0633f3b2b42850845f

SHA256
24c8cf5b8845e8f8915a566434f92ff38df5f6be1292cea0cff44d5307f692e7

SHA512
dbb79a774611d4bf9ba06500b066d8cf94eaa239cae53dc851a36edf75367dabc4c738da25e09b3229612777b3b2a2dbbd1a07d85c209225ac91f2c2b44e8612

Download Submit
memory/944-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/944-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/944-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/944-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3940-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3940-15-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

Filesize
1.2MB

Download
memory/3940-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3940-20-0x00000000055C0000-0x00000000057EA000-memory.dmp

Filesize
2.2MB

Download
memory/3940-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3940-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download