beb59d6d39a86aefc4b74f4dfafaf269ba73061d45c45f2196b7fdda33e5bd30

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 12:58

Target

37049e356f0337c4739c369703d6f73d.exe
Size

2.9MB
MD5

37049e356f0337c4739c369703d6f73d
SHA1

892e48eaf5c90eb96374455702d8a954caae77bd
SHA256

beb59d6d39a86aefc4b74f4dfafaf269ba73061d45c45f2196b7fdda33e5bd30
SHA512

be62a3369ba06dbc9c6b643f2b589ad72777eaf5ac9de1af6efa8f5bb706e061f1ec76e4135d5d224c4fa1228e50562f834cf3a16602ac6a24769b40a5f3d5a7
SSDEEP

49152:zE4TIktp+auoEqNtujtUBvKbdP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:zZpVV/NtuJWvKbdgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4024	37049e356f0337c4739c369703d6f73d.exe

Executes dropped EXE 1 IoCs

pid	Process
4024	37049e356f0337c4739c369703d6f73d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4024-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000600000001e5df-11.dat	upx
behavioral2/memory/5008-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5008	37049e356f0337c4739c369703d6f73d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5008	37049e356f0337c4739c369703d6f73d.exe
4024	37049e356f0337c4739c369703d6f73d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 4024	5008	37049e356f0337c4739c369703d6f73d.exe	17
PID 5008 wrote to memory of 4024	5008	37049e356f0337c4739c369703d6f73d.exe	17
PID 5008 wrote to memory of 4024	5008	37049e356f0337c4739c369703d6f73d.exe	17

C:\Users\Admin\AppData\Local\Temp\37049e356f0337c4739c369703d6f73d.exe

Filesize
365KB

MD5
f75eedb46200b3e9b5003df193aeaab4

SHA1
2ba056292132688b52fe1c261992be31633ead4c

SHA256
43ec8f47c3db6ab156d3803a57b9ce9a688549d07e107e34aa34af2db0fab541

SHA512
105a22fcee474c862620c9252e1b0c7dfc3d8772eca0b0631a0530543c62c840c08aa761e50c6da0d097e1ba2abb6ea6c4c108e4fd67b4e0aa00c81d9139e166

Download Submit
memory/4024-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4024-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4024-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4024-22-0x00000000056B0000-0x00000000058DA000-memory.dmp

Filesize
2.2MB

Download
memory/4024-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4024-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5008-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5008-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5008-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5008-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download