2145db71dae9cdf49663188229e6dec924f658b0d68643bca1e097696d0fec18

Analysis

max time kernel
161s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 21:57

Target

3dfb1abf97a6a7590cc68626454d68f9.exe
Size

2.7MB
MD5

3dfb1abf97a6a7590cc68626454d68f9
SHA1

42af0e90dfe04edcc8ebae468f42074559d43cab
SHA256

2145db71dae9cdf49663188229e6dec924f658b0d68643bca1e097696d0fec18
SHA512

e26c58971af4547f39cd3ee36e151748ba53d7bc334909e75ec63cf24799c46b7c4b3bd2ed0b92dd93ef8e3a4818b715df82f7af95e9e209bc70dd9fee17fb7c
SSDEEP

49152:4NipghzlOSMAJEmx6+2nojR9njmrYlw03Kpx2lkfZR9j:4NF/kA2y6+2AHSUypZRHj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4592	3dfb1abf97a6a7590cc68626454d68f9.exe

Executes dropped EXE 1 IoCs

pid	Process
4592	3dfb1abf97a6a7590cc68626454d68f9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4660-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x00070000000231f7-10.dat	upx
behavioral2/memory/4592-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4660	3dfb1abf97a6a7590cc68626454d68f9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4660	3dfb1abf97a6a7590cc68626454d68f9.exe
4592	3dfb1abf97a6a7590cc68626454d68f9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 4592	4660	3dfb1abf97a6a7590cc68626454d68f9.exe	91
PID 4660 wrote to memory of 4592	4660	3dfb1abf97a6a7590cc68626454d68f9.exe	91
PID 4660 wrote to memory of 4592	4660	3dfb1abf97a6a7590cc68626454d68f9.exe	91

C:\Users\Admin\AppData\Local\Temp\3dfb1abf97a6a7590cc68626454d68f9.exe

Filesize
1.7MB

MD5
2fd031830a4ecb93ee7d05bc2fae0e11

SHA1
7da1739b6eb1df3321cfa9561604862fe1c13694

SHA256
cfebc93e54b79b815a8e0786e719e9b9fd0421bd14744e37d76b0cb19baf591f

SHA512
cb93a7ecb159d078d7a829b470f1771c710148944f2e0c9c457ec061cce3b218a2ce54fd1bdc87fe7cf498085d4ca18f8a70c2f054aa27b94169d6f0e599f1c2

Download Submit
memory/4592-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4592-15-0x0000000001D90000-0x0000000001EC1000-memory.dmp

Filesize
1.2MB

Download
memory/4592-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4592-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4592-21-0x0000000005680000-0x00000000058A2000-memory.dmp

Filesize
2.1MB

Download
memory/4592-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4660-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4660-1-0x0000000001E00000-0x0000000001F31000-memory.dmp

Filesize
1.2MB

Download
memory/4660-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4660-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download