51139451377e99ff3f2d874aa8a2e6c02f8fef9df6a62eccfee0728ece8fb30c

Analysis

max time kernel
108s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:16

Target

29a18c71eb1e2f34713a825953e535ff.exe
Size

2.9MB
MD5

29a18c71eb1e2f34713a825953e535ff
SHA1

98cffdbbd2c1505f501ee7d7c76113488b56fcd9
SHA256

51139451377e99ff3f2d874aa8a2e6c02f8fef9df6a62eccfee0728ece8fb30c
SHA512

00fdd2df9e33115ca3f570603b00246cea4f471a1c1e4e07e1600354d3c4a230f9b4a460e95d952cc9305de0da73f85b3e95db6a77faaa2fbf2d01e199b81be0
SSDEEP

49152:5VErvJ0ufFCOVDgnAx88MkaCP15N74NH5HUyNRcUsCVOzetdZJ:5i7J0udCOV0L83r4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3244	29a18c71eb1e2f34713a825953e535ff.exe

Executes dropped EXE 1 IoCs

pid	Process
3244	29a18c71eb1e2f34713a825953e535ff.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3476-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000600000001e71b-11.dat	upx
behavioral2/memory/3244-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3476	29a18c71eb1e2f34713a825953e535ff.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3476	29a18c71eb1e2f34713a825953e535ff.exe
3244	29a18c71eb1e2f34713a825953e535ff.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 3244	3476	29a18c71eb1e2f34713a825953e535ff.exe	89
PID 3476 wrote to memory of 3244	3476	29a18c71eb1e2f34713a825953e535ff.exe	89
PID 3476 wrote to memory of 3244	3476	29a18c71eb1e2f34713a825953e535ff.exe	89

C:\Users\Admin\AppData\Local\Temp\29a18c71eb1e2f34713a825953e535ff.exe

Filesize
440KB

MD5
6e33618730ebbf1aa2ec57cd0de8df56

SHA1
a50ce6b45c2e03cf6f8ed6aa6ef7ba10ad789989

SHA256
78e63c2ba1e7f65ff5d63ea99b9677279eff19f27aec18a02528ff218f306d94

SHA512
8d2c84ed46a2e8a57544d392423d834f44857c413dea7dfe2a24ea0a49923c05e6374b4cdc107c6b274c29dec1aa9db3b1dd44e7f6611618a9a7ec1a23afaedd

Download Submit
memory/3244-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3244-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3244-15-0x0000000001C80000-0x0000000001DB3000-memory.dmp

Filesize
1.2MB

Download
memory/3244-20-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/3244-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3244-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3476-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3476-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3476-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3476-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download