42aad4ab11d0638c4f36bb8f9f7125fbcd7f2cf5a0832bf8dc021ea684db1c2a

Analysis

max time kernel
174s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:23

Target

29e0108d967d50a4080e73ba5bad7d31.exe
Size

4.8MB
MD5

29e0108d967d50a4080e73ba5bad7d31
SHA1

91a16b90e38ab7832f1ddd033051268c2e2b5d7d
SHA256

42aad4ab11d0638c4f36bb8f9f7125fbcd7f2cf5a0832bf8dc021ea684db1c2a
SHA512

079cb5b55a3a0342c43a42993b07b2aadc958af7ba658dc5a44d32de35b56ff442ff109f3eecce7f5a27e3b3c00c8002fcc5c572a30d9699a33cde88f5c7e6f8
SSDEEP

98304:u6SJiVPDgg3gnl/IVUs1j6HybIF1yl+zWHgg3gnl/IVUs1jr:u6tJZgl/iBgybIXylNlgl/iBP

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4028	29e0108d967d50a4080e73ba5bad7d31.exe

Executes dropped EXE 1 IoCs

pid	Process
4028	29e0108d967d50a4080e73ba5bad7d31.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4036-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00060000000231f9-11.dat	upx
behavioral2/memory/4028-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4036	29e0108d967d50a4080e73ba5bad7d31.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4036	29e0108d967d50a4080e73ba5bad7d31.exe
4028	29e0108d967d50a4080e73ba5bad7d31.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4028	4036	29e0108d967d50a4080e73ba5bad7d31.exe	90
PID 4036 wrote to memory of 4028	4036	29e0108d967d50a4080e73ba5bad7d31.exe	90
PID 4036 wrote to memory of 4028	4036	29e0108d967d50a4080e73ba5bad7d31.exe	90

C:\Users\Admin\AppData\Local\Temp\29e0108d967d50a4080e73ba5bad7d31.exe

Filesize
147KB

MD5
ddd90b6659c0021bfa3009aee7eba18f

SHA1
1d567bbcfc84729866f86f742035105c0d17b9ac

SHA256
892c2f43cebbf07dd6827a98a5c8a10f1d8ee55d7ce8061d2edc108111cbb8e7

SHA512
5e0ae54d4f3346852c8ca57cd917628d78587f9abc5ae29198bf01f6e6ae7bd173777e98b4b881390a99ec95d9ee85b2028e4b90e01ea38c0f07340c961f6123

Download Submit
memory/4028-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4028-15-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/4028-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4028-21-0x0000000005600000-0x000000000582A000-memory.dmp

Filesize
2.2MB

Download
memory/4028-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4028-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4036-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4036-1-0x0000000001D60000-0x0000000001E93000-memory.dmp

Filesize
1.2MB

Download
memory/4036-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4036-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download