bd38363b8933b74f10a22dcb4b446d26fb0dd04009075849258b282bf0d16b30

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 18:09

Target

3d868fb62a491292076e708ee1d78169.exe
Size

2.9MB
MD5

3d868fb62a491292076e708ee1d78169
SHA1

f19c90dc5c5706587dba9219bf9a4a4c92c2a937
SHA256

bd38363b8933b74f10a22dcb4b446d26fb0dd04009075849258b282bf0d16b30
SHA512

9392b70173ee5039271bb5a348cd11f6442d5520dada77171232739e979e27c70b6b6ed1c611220164be95e52ef9aaba0d6833815bb5cd4a9556f8e82c668d1f
SSDEEP

49152:JOOTn9IO1yXr352o3+X+fteFfF9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:JOKyO1C5PStFHau42c1joCjMPkNwk6

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2592	3d868fb62a491292076e708ee1d78169.exe

Executes dropped EXE 1 IoCs

pid	Process
2592	3d868fb62a491292076e708ee1d78169.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2204-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00050000000006e9-11.dat	upx
behavioral2/memory/2592-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2204	3d868fb62a491292076e708ee1d78169.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2204	3d868fb62a491292076e708ee1d78169.exe
2592	3d868fb62a491292076e708ee1d78169.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2592	2204	3d868fb62a491292076e708ee1d78169.exe	88
PID 2204 wrote to memory of 2592	2204	3d868fb62a491292076e708ee1d78169.exe	88
PID 2204 wrote to memory of 2592	2204	3d868fb62a491292076e708ee1d78169.exe	88

C:\Users\Admin\AppData\Local\Temp\3d868fb62a491292076e708ee1d78169.exe

Filesize
65KB

MD5
ee76085ef43966eb795eacaa9d5f8345

SHA1
9656d0467210e1d4cd4e8e3f279f423afb8876d7

SHA256
eaabce5eeae62bad39f4851f426ad77cac5f2b5f6171680be4dc54dc4b07bf62

SHA512
66d6e68959a749e3ceb131e28f971f6c14a8e4c26dd1a5eb460e6ec76b989f31acd07018302c56d3567f084d350590b6543611863ae69419222074a19679f8cf

Download Submit
memory/2204-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2204-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/2204-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2204-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2592-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2592-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2592-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2592-20-0x0000000005550000-0x000000000577A000-memory.dmp

Filesize
2.2MB

Download
memory/2592-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2592-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download