19db6b3a31ef67dc2d13750ed3534cd64dc4829c20a6e4980b4f5bb5fbc9163b

Analysis

max time kernel
137s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 06:10

Target

2b484e08ddaa64cfb1c092ee4e9902b8.exe
Size

2.7MB
MD5

2b484e08ddaa64cfb1c092ee4e9902b8
SHA1

5104c4e30abb8ac5bfc750ca14877fd6a2ae6c2c
SHA256

19db6b3a31ef67dc2d13750ed3534cd64dc4829c20a6e4980b4f5bb5fbc9163b
SHA512

3fc10ac44203d8bd4b5043e4273c3ecab8bb8f8a8429cba7301ec01ac2c07b9bc69e641f0b404fbabe627a38883003358a3218b1e5d405ddd878fe7406338b84
SSDEEP

49152:dJdERaEb3/kwIoLHeXf27f60vR9WOO93QIy96LheWDB6sBJNiNzQhJ5+jYAShzRt:eRaEb31cyigHj8FhX6s9CkUjHGzHj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3156	2b484e08ddaa64cfb1c092ee4e9902b8.exe

Executes dropped EXE 1 IoCs

pid	Process
3156	2b484e08ddaa64cfb1c092ee4e9902b8.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1404-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000300000001f45f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1404	2b484e08ddaa64cfb1c092ee4e9902b8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1404	2b484e08ddaa64cfb1c092ee4e9902b8.exe
3156	2b484e08ddaa64cfb1c092ee4e9902b8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 3156	1404	2b484e08ddaa64cfb1c092ee4e9902b8.exe	19
PID 1404 wrote to memory of 3156	1404	2b484e08ddaa64cfb1c092ee4e9902b8.exe	19
PID 1404 wrote to memory of 3156	1404	2b484e08ddaa64cfb1c092ee4e9902b8.exe	19

C:\Users\Admin\AppData\Local\Temp\2b484e08ddaa64cfb1c092ee4e9902b8.exe

Filesize
384KB

MD5
ad088a6bc618fc9e84f032f9ae7c1335

SHA1
e3dfca10fb8e9c24e6a5f669f37ceca299033631

SHA256
af15d1ff5e33dce13064db18fd6c8f43395bc7eb94d438f2f30b63ef384c2973

SHA512
f44a9d4be4f6bbdfa1da30b07a399a56a7f82ea996002d9923fbdca992f23a64946800bd65ba2437d3cdf4c3986224ee7805de62f1909765213549cbc665fbdd

Download Submit
memory/1404-1-0x0000000001DA0000-0x0000000001ED1000-memory.dmp

Filesize
1.2MB

Download
memory/1404-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1404-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1404-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3156-15-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3156-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3156-21-0x0000000005630000-0x0000000005852000-memory.dmp

Filesize
2.1MB

Download
memory/3156-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3156-13-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/3156-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download