a1d1158377adb16837fb6ba9834b787252c43642d675ee63d080745675e8a538

Analysis

max time kernel
220s
max time network
253s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 03:12

Target

3fbfbe826e08a2a271f84a33560cd2a5.exe
Size

2.9MB
MD5

3fbfbe826e08a2a271f84a33560cd2a5
SHA1

619136c0bd209936fd68a714ee98e544f188c2eb
SHA256

a1d1158377adb16837fb6ba9834b787252c43642d675ee63d080745675e8a538
SHA512

a37eccaf7d4461c1a98d71cacf44f5f130409a42ab183a6accd399be7219a7fdce795210a8ed5243e2754a2189f7584ff5e9c36612c673bfa17b5cd20c78bec3
SSDEEP

49152:GlVLUg1iuc8NHB/ZJG4RNfkOynzngGnhD19I8P4M338dB2IBlGuuDVUsdxxjeQZ5:GlxU8iB8/1RNfMnznpvbgg3gnl/IVUsn

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1744	3fbfbe826e08a2a271f84a33560cd2a5.exe

Executes dropped EXE 1 IoCs

pid	Process
1744	3fbfbe826e08a2a271f84a33560cd2a5.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1620-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000a00000002311d-11.dat	upx
behavioral2/memory/1744-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1620	3fbfbe826e08a2a271f84a33560cd2a5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1620	3fbfbe826e08a2a271f84a33560cd2a5.exe
1744	3fbfbe826e08a2a271f84a33560cd2a5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 1744	1620	3fbfbe826e08a2a271f84a33560cd2a5.exe	92
PID 1620 wrote to memory of 1744	1620	3fbfbe826e08a2a271f84a33560cd2a5.exe	92
PID 1620 wrote to memory of 1744	1620	3fbfbe826e08a2a271f84a33560cd2a5.exe	92

C:\Users\Admin\AppData\Local\Temp\3fbfbe826e08a2a271f84a33560cd2a5.exe

Filesize
610KB

MD5
f1e2e1f519c5189f6fe0721177c796e0

SHA1
e287e1d5a976ec1c4cc9658fb8336689a8995398

SHA256
d6a3fc88f7c616547feda964d348788a08690382d0adc330e6634a531bd0e380

SHA512
a960f24569a6279209d0eac683627482256d7efe2e5794ad87b3493ed315539ace08923e0c5ad16c986b8fff89c03526f04bab069f7ba2fb93182aaedb4f8ec1

Download Submit
memory/1620-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1620-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1620-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1620-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1744-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1744-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1744-15-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

Filesize
1.2MB

Download
memory/1744-20-0x00000000055C0000-0x00000000057EA000-memory.dmp

Filesize
2.2MB

Download
memory/1744-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1744-27-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download