ec36169e6d0c446b5b8d5171b54f338d8050f84d8b78dad03f26de33ad3a4a71

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 19:55

Target

3ae9af65b00bb338d20b7b2337c6c320.exe
Size

2.9MB
MD5

3ae9af65b00bb338d20b7b2337c6c320
SHA1

15a108be320541d13544b77fbe6736e4461276f0
SHA256

ec36169e6d0c446b5b8d5171b54f338d8050f84d8b78dad03f26de33ad3a4a71
SHA512

100f694d6536d875f1086f5e8c7ac34b16c11dda8a1d06f2c1cfd67aed1999fe8caca0c08c39a2c45ab0fd78945f1782e068a198db2a8ba611cfe725d9780261
SSDEEP

49152:vJ+PIxLJyGWEdJXy5xC1ukf/T/d6Lf9zrJlQMur0Vd0cIT3AH:h+PIxiz5xC15Tdkf9RlM4633q

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1284	3ae9af65b00bb338d20b7b2337c6c320.exe

Executes dropped EXE 1 IoCs

pid	Process
1284	3ae9af65b00bb338d20b7b2337c6c320.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1920-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/1284-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e96f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1920	3ae9af65b00bb338d20b7b2337c6c320.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1920	3ae9af65b00bb338d20b7b2337c6c320.exe
1284	3ae9af65b00bb338d20b7b2337c6c320.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 1284	1920	3ae9af65b00bb338d20b7b2337c6c320.exe	17
PID 1920 wrote to memory of 1284	1920	3ae9af65b00bb338d20b7b2337c6c320.exe	17
PID 1920 wrote to memory of 1284	1920	3ae9af65b00bb338d20b7b2337c6c320.exe	17

C:\Users\Admin\AppData\Local\Temp\3ae9af65b00bb338d20b7b2337c6c320.exe

Filesize
197KB

MD5
7ba34ff1cf54277527380de897aff9d4

SHA1
d00d4a0a7b324329868da504bea916115f549ec9

SHA256
74c8aaa31e3fc709bd580fd5d6265da187dc55fdd2dd9728f3cf975e494a7c2a

SHA512
b6b3c0fac7c82f09bea6f60e4246489aa4df74464eac8bc8193b3a999cf371d0782cf47cf49125fbf7a17abf37f01982a5e5b138f708a5650f5d593161181a49

Download Submit
memory/1284-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1284-15-0x0000000001DE0000-0x0000000001F13000-memory.dmp

Filesize
1.2MB

Download
memory/1284-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1284-20-0x00000000056E0000-0x000000000590A000-memory.dmp

Filesize
2.2MB

Download
memory/1284-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1284-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1920-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1920-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1920-1-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/1920-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download