ec61b03b4cefe3fd4baa89539133a4763f839d20ffee84062b9b619c89aec4f0

Analysis

max time kernel
3s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 14:01

Target

3d0a59f4bbee5fadba009efc37dad7b2.exe
Size

418KB
MD5

3d0a59f4bbee5fadba009efc37dad7b2
SHA1

aa77adef23c4dde848b3c5509ffbd69790167cd5
SHA256

ec61b03b4cefe3fd4baa89539133a4763f839d20ffee84062b9b619c89aec4f0
SHA512

4a6830d25adbac11d77621f9add0cd96c2711040ba1aaf14352f8fd9b826bfca6820dcf41f881cebe8642ba614f51928d4158209a57d0a02d04f2cd9270e9219
SSDEEP

6144:xBXsRBP1ttbZO3l5QYktJKjAjTglZGE6w7ofGSsd97vbQI4FB+:IHPPz+AjUl56wVSsnF4D

Score

7^/10

upx

Executes dropped EXE 1 IoCs

pid	Process
2040	Bkiria.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4188-0-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/files/0x000a00000002310f-10.dat	upx
behavioral2/files/0x000a00000002310f-9.dat	upx

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job	3d0a59f4bbee5fadba009efc37dad7b2.exe
File created	C:\Windows\Bkiria.exe	3d0a59f4bbee5fadba009efc37dad7b2.exe
File opened for modification	C:\Windows\Bkiria.exe	3d0a59f4bbee5fadba009efc37dad7b2.exe
File created	C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job	3d0a59f4bbee5fadba009efc37dad7b2.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3232	2040	WerFault.exe	76

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 2040	4188	3d0a59f4bbee5fadba009efc37dad7b2.exe	76
PID 4188 wrote to memory of 2040	4188	3d0a59f4bbee5fadba009efc37dad7b2.exe	76
PID 4188 wrote to memory of 2040	4188	3d0a59f4bbee5fadba009efc37dad7b2.exe	76

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2040 -ip 2040
1⤵
PID:1920

C:\Windows\Bkiria.exe

Filesize
18KB

MD5
2c6a5746432cab5b335a1eda17f780e8

SHA1
961aa981b7eb48ec0074bf8e939cc35c7ddd127f

SHA256
4ac047a69fd24725fa7c00222825913f29a35109ea79bb162f07b5c637de2e5e

SHA512
c772c4508fbb601c9cc8d85b78b133917b3d499f9147d46928c73c2f55fe02909dbcb4be8b221d12b58bd48c05d8e865bb0d97181e6a6ddc8b770497dd74216d

Download Submit
C:\Windows\Bkiria.exe

Filesize
5KB

MD5
70f281e23472d910a75df27ad2960404

SHA1
b221c4467d7c61bff6ecd304995da884ce15b1b4

SHA256
23b1cdd0c4632763dd6e3be7ba3524f95503a6659e8dbc9fbb0b2fe38e1233e0

SHA512
5b6a7123f3deda91c5f6769e1cdcbeaac70527fc5c31c8738d262c45d990e9ed93da80adcd2b0b077eec0b179fb1ff5eacf1d26bdc2ece50c8b8ad015ef6b7e6

Download Submit
memory/2040-18-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2040-54536-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2040-148189-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4188-0-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4188-4-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/4188-1-0x0000000000A10000-0x0000000000A11000-memory.dmp

Filesize
4KB

Download
memory/4188-31564-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download