f92e76c6607293c3bc5b5b511b41ea5d5e774f85eaeb838e20a14fd2774089f5

Analysis

max time kernel
138s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 13:42

Target

3d0153bf70383995c8a07a2c3c86e1e3.exe
Size

2.9MB
MD5

3d0153bf70383995c8a07a2c3c86e1e3
SHA1

f99b974044d9c97f094513757e39c2c037272cdf
SHA256

f92e76c6607293c3bc5b5b511b41ea5d5e774f85eaeb838e20a14fd2774089f5
SHA512

2e5630794d83ea9ab89411f4a9c601de4e3363372baee2f8ccff09626a212c89877c70b47d2c1665d26714c095984956746c8275f45ef7a15a47038751520c61
SSDEEP

49152:DT/9UgzGm5SMoicucIbqMnf0Qd6Lf9zrJlQMur0Vd0cIT3AH:u6SJiVPpdkf9RlM4633q

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1524	3d0153bf70383995c8a07a2c3c86e1e3.exe

Executes dropped EXE 1 IoCs

pid	Process
1524	3d0153bf70383995c8a07a2c3c86e1e3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1732-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002311a-11.dat	upx
behavioral2/memory/1524-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1732	3d0153bf70383995c8a07a2c3c86e1e3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1732	3d0153bf70383995c8a07a2c3c86e1e3.exe
1524	3d0153bf70383995c8a07a2c3c86e1e3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 1524	1732	3d0153bf70383995c8a07a2c3c86e1e3.exe	90
PID 1732 wrote to memory of 1524	1732	3d0153bf70383995c8a07a2c3c86e1e3.exe	90
PID 1732 wrote to memory of 1524	1732	3d0153bf70383995c8a07a2c3c86e1e3.exe	90

C:\Users\Admin\AppData\Local\Temp\3d0153bf70383995c8a07a2c3c86e1e3.exe

Filesize
2.9MB

MD5
f0d78b097b054df7b48140a90097ad13

SHA1
335e06952bbaac33f7e4119269521ef8cf58dacf

SHA256
63d6cfa7ee20a2c271b1d2e34cedb1ba59101d2bb818e094aaed89faa784a9a6

SHA512
1c877a437e874c26c034c0fa039f37ac93157183a52fe2dd03d70598253e8b963ea4067382596c77a63d9833da710d064caddfa1e4b0fb2564e2b4015fd81739

Download Submit
memory/1524-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1524-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1524-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1524-20-0x00000000055C0000-0x00000000057EA000-memory.dmp

Filesize
2.2MB

Download
memory/1524-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1524-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1732-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1732-1-0x0000000001DE0000-0x0000000001F13000-memory.dmp

Filesize
1.2MB

Download
memory/1732-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1732-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download