240e12a81fb61443db4ed62782bbb912a2276eff3bb0fdfa6ea1175b53f9b53c

Analysis

max time kernel
147s
max time network
59s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 04:27

Target

28210ad5aa59246091be6cc5d2c2166c.exe
Size

2.7MB
MD5

28210ad5aa59246091be6cc5d2c2166c
SHA1

fdd19480aa94c61aed9266bee7a496a5a361d1cd
SHA256

240e12a81fb61443db4ed62782bbb912a2276eff3bb0fdfa6ea1175b53f9b53c
SHA512

f7343ce274da00f8e645f910475eea8281a471deaa29aa979ab1c54bf51946c1399bf161d7023a14f678dd224928f7aaccc8681db8b9361622a76a711778904a
SSDEEP

49152:5wb9MNbhVYAiN85o7lxINzelykXyzvz3037qPQtlDdgXF2jgFp:5w9MhsvINzwXWL03mQPDU2kFp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2440	28210ad5aa59246091be6cc5d2c2166c.exe

Executes dropped EXE 1 IoCs

pid	Process
2440	28210ad5aa59246091be6cc5d2c2166c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/968-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/2440-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002322d-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
968	28210ad5aa59246091be6cc5d2c2166c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
968	28210ad5aa59246091be6cc5d2c2166c.exe
2440	28210ad5aa59246091be6cc5d2c2166c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 2440	968	28210ad5aa59246091be6cc5d2c2166c.exe	91
PID 968 wrote to memory of 2440	968	28210ad5aa59246091be6cc5d2c2166c.exe	91
PID 968 wrote to memory of 2440	968	28210ad5aa59246091be6cc5d2c2166c.exe	91

C:\Users\Admin\AppData\Local\Temp\28210ad5aa59246091be6cc5d2c2166c.exe

Filesize
92KB

MD5
ac2dcaa1c18b919d269268b098bbe3dc

SHA1
532d487b4f1900a8a89f1c2b548369f352a6919c

SHA256
ea0d50a4d7d39077ea7deef3229e7cbf97d69ee3207530dcbf98b186aba258a1

SHA512
7256ba8212f57e1fe885687ca00ba737557c29ad01a0480ae79743c7f2f1bdabbcdb723a28ff09fc8ec25d43bffc6de9b14d36e4ce9f8c90427a554ca6d5ea7f

Download Submit
memory/968-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/968-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/968-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/968-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2440-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2440-14-0x0000000001DA0000-0x0000000001ED3000-memory.dmp

Filesize
1.2MB

Download
memory/2440-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2440-20-0x00000000056A0000-0x00000000058CA000-memory.dmp

Filesize
2.2MB

Download
memory/2440-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2440-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download