a20c35bf21d199de38ad42b0ced6ec7dcc8f64535e208aeabd65e4412a1738c2

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 14:23

Target

39ad70e8b2c37b1c0c26da54080486d4.exe
Size

2.9MB
MD5

39ad70e8b2c37b1c0c26da54080486d4
SHA1

e37ecf62c30d2850168fc2cad2e8a1ff92e97ee4
SHA256

a20c35bf21d199de38ad42b0ced6ec7dcc8f64535e208aeabd65e4412a1738c2
SHA512

d98c62ce6bcf19560241b254d079d215bdb8bc71ec17bc3d65a6d903e5710caddad531376fba4601b21ee8144544ecfeb2e7ccd36815d1d41c3149fdc64c690e
SSDEEP

49152:CV2JN3P816bA50JDyQeCUmGgvSC2jqOvvfpg6Uleioo7vR2N7c7Tf:nJRP8+Y0JeZCTLDTOxQlGw7T

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1416	39ad70e8b2c37b1c0c26da54080486d4.exe

Executes dropped EXE 1 IoCs

pid	Process
1416	39ad70e8b2c37b1c0c26da54080486d4.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/960-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/1416-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023246-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
960	39ad70e8b2c37b1c0c26da54080486d4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
960	39ad70e8b2c37b1c0c26da54080486d4.exe
1416	39ad70e8b2c37b1c0c26da54080486d4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 1416	960	39ad70e8b2c37b1c0c26da54080486d4.exe	50
PID 960 wrote to memory of 1416	960	39ad70e8b2c37b1c0c26da54080486d4.exe	50
PID 960 wrote to memory of 1416	960	39ad70e8b2c37b1c0c26da54080486d4.exe	50

C:\Users\Admin\AppData\Local\Temp\39ad70e8b2c37b1c0c26da54080486d4.exe

Filesize
18KB

MD5
cbf150321dab1c69eb2a32908715e881

SHA1
d73a80b2ee8535b9871c9acc02f82b31aea2475b

SHA256
caccc2b429fc599e7d3eae4b76291449e0c3f81e2ecb904bec285bec262ede88

SHA512
e7931b53897282bd752578094eccf0917b0994d58f1b4d9bbfb7c465ce62ed9bb2d3bfd11c368495a44888e6b554b4ed6ad25ebe0111be58bbf78c1ea69c0ddb

Download Submit
memory/960-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/960-1-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/960-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/960-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1416-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1416-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1416-20-0x0000000005550000-0x000000000577A000-memory.dmp

Filesize
2.2MB

Download
memory/1416-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1416-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1416-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download