4a3543a472f5160ffc6a099527cb42fc9648e04b0599cd3123086d8444184bd6

Analysis

max time kernel
129s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 06:09

Target

2b40763ffefd0c953d638767e2ba6f79.exe
Size

1.3MB
MD5

2b40763ffefd0c953d638767e2ba6f79
SHA1

2fd2974ba33f4f5937d08b8d6ab73f8eed8fb555
SHA256

4a3543a472f5160ffc6a099527cb42fc9648e04b0599cd3123086d8444184bd6
SHA512

1595382a0818d83c8b9ced56a83ee5e7e628fe8c350882f93423ed84f1c36c029eabe6ebea9528541e68de6b473126029d9dbb0b410a542f7bc206afa48a74b5
SSDEEP

24576:8H+Wsz2tX5kR29VwVWlkOioxz7PBqCvPwBZ7SQogwY8c1hdaQphIPU9/9Us:8H+W42tJ36cRZ7pRwBYAf1LfR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1052	2b40763ffefd0c953d638767e2ba6f79.exe

Executes dropped EXE 1 IoCs

pid	Process
1052	2b40763ffefd0c953d638767e2ba6f79.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2488-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/memory/1052-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0007000000023204-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2488	2b40763ffefd0c953d638767e2ba6f79.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2488	2b40763ffefd0c953d638767e2ba6f79.exe
1052	2b40763ffefd0c953d638767e2ba6f79.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 1052	2488	2b40763ffefd0c953d638767e2ba6f79.exe	90
PID 2488 wrote to memory of 1052	2488	2b40763ffefd0c953d638767e2ba6f79.exe	90
PID 2488 wrote to memory of 1052	2488	2b40763ffefd0c953d638767e2ba6f79.exe	90

C:\Users\Admin\AppData\Local\Temp\2b40763ffefd0c953d638767e2ba6f79.exe

Filesize
100KB

MD5
69dadbedb154d91ee92bdca1e6d90dd9

SHA1
b8234f7336e8fceacd7a7b1556a99bc6399175ad

SHA256
60b85e18cb3ecd4a28a50c8d79affc35b5ec12469865051f54cef3dca8c7316c

SHA512
90fbbd19ea226b03bfc333c8394d4252663f0b71248242bf4f665b9af9dfc54a76206fe3618568d9743cac1c54008b780f39bcb531de33234663386411f29a9a

Download Submit
memory/1052-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1052-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1052-16-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1052-20-0x0000000005570000-0x0000000005792000-memory.dmp

Filesize
2.1MB

Download
memory/1052-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1052-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2488-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2488-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2488-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2488-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download