81228dbae7982552e8d34dcc0f938bfb00b187a7593cebaf124ae4ba4a25c2c7

Analysis

max time kernel
171s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 15:36

Target

3d3b1e51834b5479bf4d0efac434b8a4.exe
Size

1.5MB
MD5

3d3b1e51834b5479bf4d0efac434b8a4
SHA1

822ff2b282f2fe55d34e620feef5b8d57edbc46c
SHA256

81228dbae7982552e8d34dcc0f938bfb00b187a7593cebaf124ae4ba4a25c2c7
SHA512

c68822c4e3e6de164acc74455ee7624a1fcf58cef0cdf85798180ef7e0f2baf4be22e1bd1d6b81c23cc1cd4cba4a539cc52d10d44d0419718ecdcbc497415ee1
SSDEEP

24576:Ae0XCbaaHEiTLZoKWY80J3XnT9VQGVU0FqWjLk4P7v9H7MLW:QCmWvZ6I3DgGVUAAwe

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4892	3d3b1e51834b5479bf4d0efac434b8a4.exe

Executes dropped EXE 1 IoCs

pid	Process
4892	3d3b1e51834b5479bf4d0efac434b8a4.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4840-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023204-11.dat	upx
behavioral2/memory/4892-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4840	3d3b1e51834b5479bf4d0efac434b8a4.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4840	3d3b1e51834b5479bf4d0efac434b8a4.exe
4892	3d3b1e51834b5479bf4d0efac434b8a4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 4892	4840	3d3b1e51834b5479bf4d0efac434b8a4.exe	90
PID 4840 wrote to memory of 4892	4840	3d3b1e51834b5479bf4d0efac434b8a4.exe	90
PID 4840 wrote to memory of 4892	4840	3d3b1e51834b5479bf4d0efac434b8a4.exe	90

C:\Users\Admin\AppData\Local\Temp\3d3b1e51834b5479bf4d0efac434b8a4.exe

Filesize
1.5MB

MD5
7e38909558ecddbba89a4d3b5a1280b9

SHA1
3e970402e720bffc08eda33bdc84327b8c06c1f7

SHA256
e75049ab9bf1714ce5046dc15b4c2dba6148d1984204a6b5bbecafb041c97e45

SHA512
f38dda78e64de3374fd95b125b502363f47988c8d5c3d229d46089cce00dbf01b5cf5b76dafa8fb67dc36bf90f54a2feff5607534cc44241a156abef7d77045a

Download Submit
memory/4840-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4840-1-0x0000000001DA0000-0x0000000001ED3000-memory.dmp

Filesize
1.2MB

Download
memory/4840-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4840-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4892-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4892-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4892-16-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/4892-20-0x0000000005600000-0x000000000582A000-memory.dmp

Filesize
2.2MB

Download
memory/4892-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4892-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download