8b8fb2b97f394c1bd87409ea482a61f668d9c2e92b6c30ffd92bbb66fcd00a0a

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 12:50

Target

36bc96beb8c702c884bdbaff9d949240.exe
Size

5.8MB
MD5

36bc96beb8c702c884bdbaff9d949240
SHA1

0c2a52ded9931ae6f75213b29648cdc8c942c5f1
SHA256

8b8fb2b97f394c1bd87409ea482a61f668d9c2e92b6c30ffd92bbb66fcd00a0a
SHA512

29e4da0cc74f3241b7b5fda5f2a3d9917b036aa71a2f06094cee830d9817fc8f0c861cdce69aae0ce004c0e8eda7ac6c2fd4ba80a0da635e07793115785b5a9e
SSDEEP

98304:ECJ2lMjqf6eZGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:ECUlMp8GhRaaCkN9qHGhRa

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3248	36bc96beb8c702c884bdbaff9d949240.exe

Executes dropped EXE 1 IoCs

pid	Process
3248	36bc96beb8c702c884bdbaff9d949240.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3240-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000a0000000230f9-11.dat	upx
behavioral2/memory/3248-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3240	36bc96beb8c702c884bdbaff9d949240.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3240	36bc96beb8c702c884bdbaff9d949240.exe
3248	36bc96beb8c702c884bdbaff9d949240.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3240 wrote to memory of 3248	3240	36bc96beb8c702c884bdbaff9d949240.exe	73
PID 3240 wrote to memory of 3248	3240	36bc96beb8c702c884bdbaff9d949240.exe	73
PID 3240 wrote to memory of 3248	3240	36bc96beb8c702c884bdbaff9d949240.exe	73

C:\Users\Admin\AppData\Local\Temp\36bc96beb8c702c884bdbaff9d949240.exe

Filesize
169KB

MD5
3af0bc84400678e084e4fa3af261f978

SHA1
664e3208627a59bc9b8a0d10b6c48fea83b0033a

SHA256
b677e31c982b5eef0688307ee310ecd9cd46ae06064977838d18a6634c1365b9

SHA512
2543139868a121975858aab52f9b5ba969650c2c58918e32060839b381aeda4c445c3fdfe384d993d1829cc4abe38ae9416ebb7ae15702d2bf7fca72920b73d5

Download Submit
memory/3240-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3240-1-0x0000000001BF0000-0x0000000001D23000-memory.dmp

Filesize
1.2MB

Download
memory/3240-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3240-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3248-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3248-16-0x0000000001DB0000-0x0000000001EE3000-memory.dmp

Filesize
1.2MB

Download
memory/3248-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3248-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3248-21-0x00000000056B0000-0x00000000058DA000-memory.dmp

Filesize
2.2MB

Download
memory/3248-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download