432591d516cdec05992062487866aa0081e1cfedaf7c57bb256ff8bb2ab81196

Analysis

max time kernel
158s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 06:21

Target

2b8eae6a9d19ae2459c64c0fd58058c2.exe
Size

2.7MB
MD5

2b8eae6a9d19ae2459c64c0fd58058c2
SHA1

1c84ebc0a2583669f53e19428f19c8ead2a8a947
SHA256

432591d516cdec05992062487866aa0081e1cfedaf7c57bb256ff8bb2ab81196
SHA512

1e44f0e5b032f664cc3c5019661c313e916421a1e07bfd38e55aeb31c0d84349c85c38626700804f2081942bf64d0eb23ddbdeb46b489e3b9123872073e41ef6
SSDEEP

49152:/lN1j6iQoap1FHaCMWnuEG36xt+pob5D0urIWn9ID1A/ObR5P0M9RbezQetp:1jzOp1F6CMo/+DW9ID1G4Rl0PQetp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3316	2b8eae6a9d19ae2459c64c0fd58058c2.exe

Executes dropped EXE 1 IoCs

pid	Process
3316	2b8eae6a9d19ae2459c64c0fd58058c2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3300-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000200000001e7e2-11.dat	upx
behavioral2/memory/3316-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3300	2b8eae6a9d19ae2459c64c0fd58058c2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3300	2b8eae6a9d19ae2459c64c0fd58058c2.exe
3316	2b8eae6a9d19ae2459c64c0fd58058c2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 3316	3300	2b8eae6a9d19ae2459c64c0fd58058c2.exe	96
PID 3300 wrote to memory of 3316	3300	2b8eae6a9d19ae2459c64c0fd58058c2.exe	96
PID 3300 wrote to memory of 3316	3300	2b8eae6a9d19ae2459c64c0fd58058c2.exe	96

C:\Users\Admin\AppData\Local\Temp\2b8eae6a9d19ae2459c64c0fd58058c2.exe

Filesize
1.6MB

MD5
dcedd7afbe86b95e9f9de3253723f353

SHA1
b68f0a3dd4ce3ab4fff8e603a4aa76f99032e04a

SHA256
f28a0535ea8e11950cacc59d349415105f421646b4ad8c99b49601b296ff939d

SHA512
682d89e43ac0cd0de577af4c4d976673220695fc9171bd4fa862d7a7c7c4e734262c249f0a481974ebb2be46be03e850e34389376c50d5dff4091cb49889d09c

Download Submit
memory/3300-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3300-1-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/3300-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3300-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3316-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3316-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3316-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3316-20-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/3316-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3316-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download