8a12d5d8ffbbb1c21d1dfa0342e1a0082dec46dd861c83a5ef47c7019fd3bfe2

Analysis

max time kernel
169s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 04:40

Target

2891e13b1f14851baa042189d2f991c3.exe
Size

1.3MB
MD5

2891e13b1f14851baa042189d2f991c3
SHA1

35d3abca24f4ded4071b81d2ea37318ac50c4b0e
SHA256

8a12d5d8ffbbb1c21d1dfa0342e1a0082dec46dd861c83a5ef47c7019fd3bfe2
SHA512

a700e23cd6d3d2c3e02660382416cc60f6ec2897da88407d43f90ea1bec972d756c17615630682620a02396eeabbed3d466bb78fba7d03003c8eee315b52f26b
SSDEEP

24576:yq+de+IKmYiAEODcJn84lRIWe3vyQ0eLWaKFu8E+dtVonABoJyDcOggvG:b+IKmYi2cdDXjiqQoaKnQ

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2972	2891e13b1f14851baa042189d2f991c3.exe

Executes dropped EXE 1 IoCs

pid	Process
2972	2891e13b1f14851baa042189d2f991c3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1680-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral2/files/0x000200000001e7ea-14.dat	upx
behavioral2/memory/2972-16-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1680	2891e13b1f14851baa042189d2f991c3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1680	2891e13b1f14851baa042189d2f991c3.exe
2972	2891e13b1f14851baa042189d2f991c3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 2972	1680	2891e13b1f14851baa042189d2f991c3.exe	92
PID 1680 wrote to memory of 2972	1680	2891e13b1f14851baa042189d2f991c3.exe	92
PID 1680 wrote to memory of 2972	1680	2891e13b1f14851baa042189d2f991c3.exe	92

C:\Users\Admin\AppData\Local\Temp\2891e13b1f14851baa042189d2f991c3.exe

Filesize
960KB

MD5
69790c2271cf3b308a0ebdd9dea747e7

SHA1
76d2b15ab23837f576217895ee32d0f71ecedb4b

SHA256
b14e720ac2cb3a527a0a7a35eb215dc43e6f94e4790c48b3cc65dfc525e207a1

SHA512
e5ae956120e7cf19f37a77e5f2f8b2a253f43872ffb8e10522ae526b7862ae7f003144cdbb913d65be37bfe2490350ce4662629e7d09c69359ef21680f0d9a95

Download Submit
memory/1680-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1680-1-0x0000000001C50000-0x0000000001D62000-memory.dmp

Filesize
1.1MB

Download
memory/1680-2-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1680-3-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1680-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2972-16-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2972-18-0x0000000001870000-0x0000000001982000-memory.dmp

Filesize
1.1MB

Download
memory/2972-17-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2972-24-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download