cacdbbc52562c78ec2c2e2125e7f7b074a573ce29a092c88cf57c82d2566733f

Analysis

max time kernel
142s
max time network
81s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 06:18

Target

3c1b3b26a6dfd172d8aca8d9ed718763.exe
Size

1.5MB
MD5

3c1b3b26a6dfd172d8aca8d9ed718763
SHA1

e1ed358505eb9a0d448ad1a1761570ea198a8a4e
SHA256

cacdbbc52562c78ec2c2e2125e7f7b074a573ce29a092c88cf57c82d2566733f
SHA512

fb0901cf0b2a9c0b5f34fc8414092a712f710fe38de5f51cea42d3258b88a7b72420a7174d1ed11ccfb78d45931f9304f9d9cc69d14ed8ef482134c5312ccef4
SSDEEP

24576:TD+2lqTWGMHs3aBksmPfMTBzd9s5GzdE7Xb08ALwbBq7bqp1WW:TD/l8yHs3akPMt6Gxmb3ALwFqaDW

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2616	3c1b3b26a6dfd172d8aca8d9ed718763.exe

Executes dropped EXE 1 IoCs

pid	Process
2616	3c1b3b26a6dfd172d8aca8d9ed718763.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4540-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00050000000006e9-11.dat	upx
behavioral2/memory/2616-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4540	3c1b3b26a6dfd172d8aca8d9ed718763.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4540	3c1b3b26a6dfd172d8aca8d9ed718763.exe
2616	3c1b3b26a6dfd172d8aca8d9ed718763.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 2616	4540	3c1b3b26a6dfd172d8aca8d9ed718763.exe	24
PID 4540 wrote to memory of 2616	4540	3c1b3b26a6dfd172d8aca8d9ed718763.exe	24
PID 4540 wrote to memory of 2616	4540	3c1b3b26a6dfd172d8aca8d9ed718763.exe	24

C:\Users\Admin\AppData\Local\Temp\3c1b3b26a6dfd172d8aca8d9ed718763.exe

Filesize
39KB

MD5
c272b9572c3e1d77f71e31c597ec1212

SHA1
aafa4f7e80749cbfb61eb80e3680d729098bcb7c

SHA256
06eefb2da20d4757060ffda225b101d53995f4d582cdebef6e9c76e3d5141083

SHA512
db11e1a7d6058a38e3ae8999c4d080eff87953ade97924d44f8abc819e8c08185871b378d9ec547a8e5addafe75a2c59cdb1e815514313d9a0ed41bfccd58ada

Download Submit
memory/2616-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2616-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2616-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2616-20-0x0000000005600000-0x000000000582A000-memory.dmp

Filesize
2.2MB

Download
memory/2616-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2616-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4540-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4540-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4540-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4540-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download