c0428607ed9de91b77fe6d9d259d9e0599ee921a7d56c23d83eaf149e18bb9f4

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 22:48

Target

421d2f54a2e9ba8c2c78eaaefed6d1c9.exe
Size

5.8MB
MD5

421d2f54a2e9ba8c2c78eaaefed6d1c9
SHA1

9a58bc71edf496497789d0a16a0a029cfe7d7741
SHA256

c0428607ed9de91b77fe6d9d259d9e0599ee921a7d56c23d83eaf149e18bb9f4
SHA512

1b442f43efc94773591896fa0fd709bd5a0e9165b15f7d388d916c2a69a7c516f3c7ede4b119c57e3195d1719b81ef52bf8f76ee6e727af6d9c175ac059cc23e
SSDEEP

98304:UIySiUWE59roEWrHjKX+Ql1F0qeE70GdC94crrVXq5SDVTjKX+Ql1F0qeE70:aMfrrovrDK7dDdC9rr9qYBnK7d

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1700	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

Executes dropped EXE 1 IoCs

pid	Process
1700	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3472-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002320b-11.dat	upx
behavioral2/memory/1700-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3472	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3472	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe
1700	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 1700	3472	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe	88
PID 3472 wrote to memory of 1700	3472	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe	88
PID 3472 wrote to memory of 1700	3472	421d2f54a2e9ba8c2c78eaaefed6d1c9.exe	88

C:\Users\Admin\AppData\Local\Temp\421d2f54a2e9ba8c2c78eaaefed6d1c9.exe

Filesize
262KB

MD5
f6cdced0a8744cf5077320eba7dae34c

SHA1
dffe015b3733e6d1de801cfda50b9bc6e40d81d9

SHA256
52dbe5aa00787c0afe2c9df2955741421392fd12cfb86ce83910d1da26be27a9

SHA512
92f5953190c52b53dd4b2cc409e4dcc5c595b498fa678cfb7f82633ee4a4f1dc5ce628c1885aac0bdb9c74c823aed6efbf7f156be8dcb2281c624a79c55dc270

Download Submit
memory/1700-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1700-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1700-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1700-20-0x0000000005520000-0x000000000574A000-memory.dmp

Filesize
2.2MB

Download
memory/1700-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1700-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3472-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3472-1-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/3472-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3472-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download