0876bfcb82e27f00e19ca3a7f86df5ca08e18192b922721ec95d431db1a79c78

Analysis

max time kernel
161s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2024 15:13

Target

3e13394345e23962bd282e8a6d6a4690.exe
Size

1.5MB
MD5

3e13394345e23962bd282e8a6d6a4690
SHA1

86689c2a463f711d53f28a6bc1fd6dd337e1b1bf
SHA256

0876bfcb82e27f00e19ca3a7f86df5ca08e18192b922721ec95d431db1a79c78
SHA512

bbf86ad674acf8d9868ddf29f2da3ef1b355f25aed324ec5820b810f3609eb4545c4455060f9fb32f45367c5b195fec54c2f7d5db7a6dd324ea6ce68493497b4
SSDEEP

24576:elKdJIxqzF8/FCLMTz2PXHztovshGBgMWp7/5fCKW:IKdJ46F8/FXz2PXHzwshLMELRCK

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2116	3e13394345e23962bd282e8a6d6a4690.exe

Executes dropped EXE 1 IoCs

pid	Process
2116	3e13394345e23962bd282e8a6d6a4690.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2940-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000600000002311d-12.dat	upx
behavioral2/memory/2116-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2940	3e13394345e23962bd282e8a6d6a4690.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2940	3e13394345e23962bd282e8a6d6a4690.exe
2116	3e13394345e23962bd282e8a6d6a4690.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2116	2940	3e13394345e23962bd282e8a6d6a4690.exe	91
PID 2940 wrote to memory of 2116	2940	3e13394345e23962bd282e8a6d6a4690.exe	91
PID 2940 wrote to memory of 2116	2940	3e13394345e23962bd282e8a6d6a4690.exe	91

C:\Users\Admin\AppData\Local\Temp\3e13394345e23962bd282e8a6d6a4690.exe

Filesize
1.5MB

MD5
17ff14c6074da3c7aca8196b747cb0a7

SHA1
a36c8f613c30dfdaa624a401bd0f28e4743f082b

SHA256
5ae2ced31adacb95cc47863af6ea6619e145f4fe2c151f8ca5ea0d79feba93ec

SHA512
f206da423e4968490ff4185ab9360cc2c2488978ec2eff1dd25279fa1289465db9e81f17491767d534b2eb25f302c0cf14ef879b90ce6599e48bb9bf6c872740

Download Submit
memory/2116-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2116-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2116-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2116-21-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/2116-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2116-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2940-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2940-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download