59d0b3c9143fa50ccb91b216610efaa1141ea64944d2ebec803489c86159f274

Analysis

max time kernel
150s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 18:38

Target

3ac3a8e6a40da030174b5ff7e9bd4629.exe
Size

5.8MB
MD5

3ac3a8e6a40da030174b5ff7e9bd4629
SHA1

6dfd83ee27aa79d2df598709e45a43dff932ba9a
SHA256

59d0b3c9143fa50ccb91b216610efaa1141ea64944d2ebec803489c86159f274
SHA512

3c4b37b1be3e418fd83a7ac91c631c883ce8ae4d8e45945206261e32db577fabb2c15ff84b4ea96840a3f6a7e2f56de6a2028bd9c5527f33b9678478725c6f98
SSDEEP

98304:lK6EKW9ln4i/5Agg3gnl/IVUs1jePsA36t8wSIeQFBkdpqdgg3gnl/IVUs1jePs:AJJ9tOgl/iBiPTVJRQPkd6gl/iBiP

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3568	3ac3a8e6a40da030174b5ff7e9bd4629.exe

Executes dropped EXE 1 IoCs

pid	Process
3568	3ac3a8e6a40da030174b5ff7e9bd4629.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3288-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000001e0ce-11.dat	upx
behavioral2/memory/3568-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3288	3ac3a8e6a40da030174b5ff7e9bd4629.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3288	3ac3a8e6a40da030174b5ff7e9bd4629.exe
3568	3ac3a8e6a40da030174b5ff7e9bd4629.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3288 wrote to memory of 3568	3288	3ac3a8e6a40da030174b5ff7e9bd4629.exe	93
PID 3288 wrote to memory of 3568	3288	3ac3a8e6a40da030174b5ff7e9bd4629.exe	93
PID 3288 wrote to memory of 3568	3288	3ac3a8e6a40da030174b5ff7e9bd4629.exe	93

C:\Users\Admin\AppData\Local\Temp\3ac3a8e6a40da030174b5ff7e9bd4629.exe

Filesize
5.8MB

MD5
c0621126f83dbc04fefa521520ec7613

SHA1
6e801209d1654d098889e40e1812c9b9643fa61b

SHA256
81bd6246e5e748798d9f6e1dd913cdff82b479540de30c1baf75b12d40d93a14

SHA512
f2048019b803597810efab42879f03f008c17f023561923ed3af44a1134d5602b7894aae019ff9b2d775ec9a6a7b16427819d44c0340b68a858a11a0585b4bc7

Download Submit
memory/3288-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3288-1-0x0000000001C90000-0x0000000001DC3000-memory.dmp

Filesize
1.2MB

Download
memory/3288-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3288-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3568-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3568-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3568-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3568-20-0x0000000005660000-0x000000000588A000-memory.dmp

Filesize
2.2MB

Download
memory/3568-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3568-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download