c2a95be9175b96580272bd1dee0d92cdba5750a16cad14562ff388a8bfbc7a6d

Analysis

max time kernel
179s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 07:18

Target

2d1433fff103c4963cd7769d86cdf442.exe
Size

5.8MB
MD5

2d1433fff103c4963cd7769d86cdf442
SHA1

9d54569511864fe7d56734bf9d126e5c868ba2b5
SHA256

c2a95be9175b96580272bd1dee0d92cdba5750a16cad14562ff388a8bfbc7a6d
SHA512

20661a6b91549861ef67d773432dc8353a057aa0e07fc1b64ce61c28a84a6911b89065f04ecac643d6ec979245636a309e013619377ad73cb7e0985cd42e8314
SSDEEP

98304:RZ+s+FqvEa4HBUCczzM39F5v+aLzXo04o6ss8l/ipv4HBUCczzM3:R7+t5WCRF8a3Xl4o6sJipgWC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2232	2d1433fff103c4963cd7769d86cdf442.exe

Executes dropped EXE 1 IoCs

pid	Process
2232	2d1433fff103c4963cd7769d86cdf442.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4156-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023207-11.dat	upx
behavioral2/memory/2232-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4156	2d1433fff103c4963cd7769d86cdf442.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4156	2d1433fff103c4963cd7769d86cdf442.exe
2232	2d1433fff103c4963cd7769d86cdf442.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4156 wrote to memory of 2232	4156	2d1433fff103c4963cd7769d86cdf442.exe	91
PID 4156 wrote to memory of 2232	4156	2d1433fff103c4963cd7769d86cdf442.exe	91
PID 4156 wrote to memory of 2232	4156	2d1433fff103c4963cd7769d86cdf442.exe	91

C:\Users\Admin\AppData\Local\Temp\2d1433fff103c4963cd7769d86cdf442.exe

Filesize
172KB

MD5
d41e939d9a031ad8d0ec34690f75f616

SHA1
8105351cabdc93b9dd3c91c01d7ac2b5922f93e3

SHA256
ef76daa79dab6b0cabc3b14f91873b6dd4cfcb5e3db5e6513993c6008a62a6e1

SHA512
2d76d523dddfbbf20824ea12e35de61ff3e99607ba2a7b8c7401c00f3ca2c6a5d4b4e0512fb8a16b34c8964093d454f12a37e31204a54f999429b6f5430205c2

Download Submit
memory/2232-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2232-14-0x0000000001BF0000-0x0000000001D23000-memory.dmp

Filesize
1.2MB

Download
memory/2232-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2232-21-0x00000000054F0000-0x000000000571A000-memory.dmp

Filesize
2.2MB

Download
memory/2232-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2232-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4156-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4156-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4156-1-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/4156-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download