a88030e901ab8c406785dcedaf7749a5f02e3c1fb3c499d64c2299769ea1cdb2

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 12:52

Target

36cebc0b75ce70768759546d555dc744.exe
Size

1.5MB
MD5

36cebc0b75ce70768759546d555dc744
SHA1

7ea3d8d9f4168f60d04a0f4e22789de5c27e8adb
SHA256

a88030e901ab8c406785dcedaf7749a5f02e3c1fb3c499d64c2299769ea1cdb2
SHA512

4fe31c9eb29e7b0b5bc2b299b61ad333805315a4b9d594aecdedc116ed480375fb7ac38f879c60500706262f7a5523cbf4d8820df50465972ef4bbca391455e8
SSDEEP

24576:P8BQDZpVIre7oaGt1E1QopfdeeZB7BQBm6vPw6HywBxQ9Zcf4TirJW:P8BMZBoaw1OQoVdN72m6D444e

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4724	36cebc0b75ce70768759546d555dc744.exe

Executes dropped EXE 1 IoCs

pid	Process
4724	36cebc0b75ce70768759546d555dc744.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4592-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001f45f-11.dat	upx
behavioral2/memory/4724-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4592	36cebc0b75ce70768759546d555dc744.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4592	36cebc0b75ce70768759546d555dc744.exe
4724	36cebc0b75ce70768759546d555dc744.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4592 wrote to memory of 4724	4592	36cebc0b75ce70768759546d555dc744.exe	89
PID 4592 wrote to memory of 4724	4592	36cebc0b75ce70768759546d555dc744.exe	89
PID 4592 wrote to memory of 4724	4592	36cebc0b75ce70768759546d555dc744.exe	89

C:\Users\Admin\AppData\Local\Temp\36cebc0b75ce70768759546d555dc744.exe

Filesize
252KB

MD5
9af6cecfab4e157e7e69d4477a720610

SHA1
b7d648b377813971cfd881a8409c005a89fce769

SHA256
386702fde5a0f1ab526e58af4824d548e4747d6a2d1a10e10325633e86a29224

SHA512
4ef06e0f20f882ecd829c3f63c454bd6a7acb60b541b2f2fd393ecfd4dfd9aa2c3826bb0d358b64f01357da9df573018c6875a0d3362d645e482c1a27370d0f2

Download Submit
memory/4592-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4592-1-0x0000000001CD0000-0x0000000001E03000-memory.dmp

Filesize
1.2MB

Download
memory/4592-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4592-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4724-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4724-16-0x0000000001C50000-0x0000000001D83000-memory.dmp

Filesize
1.2MB

Download
memory/4724-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4724-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4724-20-0x0000000005550000-0x000000000577A000-memory.dmp

Filesize
2.2MB

Download
memory/4724-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download