e8c84fefc5131beb5c210fc28bea54fface13de72a0123868037fe92bedf71bc

Analysis

max time kernel
155s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 01:39

Target

3f9300c51ee09f2a865a34de56d63887.exe
Size

2.9MB
MD5

3f9300c51ee09f2a865a34de56d63887
SHA1

12c0562258e45656cf6fd2f1bf1005797b3a12e9
SHA256

e8c84fefc5131beb5c210fc28bea54fface13de72a0123868037fe92bedf71bc
SHA512

965bb33a15459ee6240d2304c136eca1e73be6498de2089aae82a458a92a2603d3a7879f0c6887a76277217593091376facba9a5363b2e740005e374676995ad
SSDEEP

49152:S2XBWYPAeSwdA1CWBKzfvpGopAXxNBP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:S2X57PWA1Nsgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2628	3f9300c51ee09f2a865a34de56d63887.exe

Executes dropped EXE 1 IoCs

pid	Process
2628	3f9300c51ee09f2a865a34de56d63887.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2140-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000b00000002300e-11.dat	upx
behavioral2/memory/2628-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2140	3f9300c51ee09f2a865a34de56d63887.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2140	3f9300c51ee09f2a865a34de56d63887.exe
2628	3f9300c51ee09f2a865a34de56d63887.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2628	2140	3f9300c51ee09f2a865a34de56d63887.exe	92
PID 2140 wrote to memory of 2628	2140	3f9300c51ee09f2a865a34de56d63887.exe	92
PID 2140 wrote to memory of 2628	2140	3f9300c51ee09f2a865a34de56d63887.exe	92

C:\Users\Admin\AppData\Local\Temp\3f9300c51ee09f2a865a34de56d63887.exe

Filesize
2.2MB

MD5
bf3e55b9750a1213660cb8bbe7bc9864

SHA1
bd3f408a8ba3e9305b80fe68e9aa89440c2c5822

SHA256
29b8d6b079f16713a50cb50de4d299d8dcf49a4a2741631e884301419bba0958

SHA512
5302dfae34156263a92d33fbfc888b8d90f5695605ac9d43ce7212652dabb935728a705a4848f134ad41087014187b78e7b265a0f09425e2f7d483f03c15e1db

Download Submit
memory/2140-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2140-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2140-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2140-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2628-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2628-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2628-14-0x0000000001C90000-0x0000000001DC3000-memory.dmp

Filesize
1.2MB

Download
memory/2628-20-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/2628-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2628-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download