ee56ab26a0c5b121ca4494e9ae6adef50560682ff47d2a8f4db5b1cc4e8edcb7

Analysis

max time kernel
144s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:21

Target

29c9eba761e291009efe78b10040b36a.exe
Size

1.3MB
MD5

29c9eba761e291009efe78b10040b36a
SHA1

fabddddd700863cb2a7e84e3c7c98d1780fffdf5
SHA256

ee56ab26a0c5b121ca4494e9ae6adef50560682ff47d2a8f4db5b1cc4e8edcb7
SHA512

91ebec49f625daf6692f514197c1004113590f1fd91754f03c708005d39e5523e79387844167e8ab4603deda7753691e1536f243e76acefe73a0f10fc6709527
SSDEEP

24576:VpWSVExuyNyhWM1YNMErlMbHVkXJRyUuHiaGFN3XA/kfKK0g/E4lqoU9/9Us:Vp1VExNybYNMmlOHVGkiaGFNHA/K/5MX

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3432	29c9eba761e291009efe78b10040b36a.exe

Executes dropped EXE 1 IoCs

pid	Process
3432	29c9eba761e291009efe78b10040b36a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1104-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0006000000023204-12.dat	upx
behavioral2/memory/3432-14-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1104	29c9eba761e291009efe78b10040b36a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1104	29c9eba761e291009efe78b10040b36a.exe
3432	29c9eba761e291009efe78b10040b36a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 3432	1104	29c9eba761e291009efe78b10040b36a.exe	93
PID 1104 wrote to memory of 3432	1104	29c9eba761e291009efe78b10040b36a.exe	93
PID 1104 wrote to memory of 3432	1104	29c9eba761e291009efe78b10040b36a.exe	93

C:\Users\Admin\AppData\Local\Temp\29c9eba761e291009efe78b10040b36a.exe

Filesize
1.3MB

MD5
41c00dff2a6d7c34dee262250e2b1362

SHA1
377c01564ded68c4230b0ac4f47c4d73a19743d7

SHA256
96fb8ca9718f27bdd19ca83d03d0cff07876a33786f6cd5e74c68381f4c1b632

SHA512
ed5b8f1abed2733a6e569533cdb9f8a350531e56f8455b1505d1106650eee20fbae79d5c3cad5f6c860c0565c6f6e652c0f0df9fe0e4d8f7a5f53b133e0b0266

Download Submit
memory/1104-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1104-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1104-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1104-7-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1104-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3432-14-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3432-16-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/3432-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3432-22-0x00000000056D0000-0x00000000058F2000-memory.dmp

Filesize
2.1MB

Download
memory/3432-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3432-29-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download