21d834eeece11735e2a289c2903fdaa032a8d4e0810bbfe6d04ac3792cf5243c

Analysis

max time kernel
162s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 04:43

Target

42c986807d74e6ca257bb32bc77c46a7.exe
Size

2.7MB
MD5

42c986807d74e6ca257bb32bc77c46a7
SHA1

ad93a9b554c8ee475a3ab728b8f0722915b28b65
SHA256

21d834eeece11735e2a289c2903fdaa032a8d4e0810bbfe6d04ac3792cf5243c
SHA512

d29ece1fbae29bbdf7904774109671ffa86e4b01d7e3e8c92d778acfda3ecf29ab3ffdf00dbc27d67905bc0d1b41c82a619b6ab67cf98dca8b1eedc18ab8d581
SSDEEP

49152:JgKbxJMN3w5cAmPvAyobWMz2DyR9cF5OonzWMnpMax+SW0IcWpAfejR9j:JgGM3w5cAEvgRRHcFoLWT+SW0xWvHj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1100	42c986807d74e6ca257bb32bc77c46a7.exe

Executes dropped EXE 1 IoCs

pid	Process
1100	42c986807d74e6ca257bb32bc77c46a7.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2272-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/memory/2272-1-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000200000001e7ea-12.dat	upx
behavioral2/memory/1100-14-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2272	42c986807d74e6ca257bb32bc77c46a7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2272	42c986807d74e6ca257bb32bc77c46a7.exe
1100	42c986807d74e6ca257bb32bc77c46a7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 1100	2272	42c986807d74e6ca257bb32bc77c46a7.exe	95
PID 2272 wrote to memory of 1100	2272	42c986807d74e6ca257bb32bc77c46a7.exe	95
PID 2272 wrote to memory of 1100	2272	42c986807d74e6ca257bb32bc77c46a7.exe	95

C:\Users\Admin\AppData\Local\Temp\42c986807d74e6ca257bb32bc77c46a7.exe

Filesize
2.7MB

MD5
39c1618ed5d9101c6b1abc20bd8cd2e7

SHA1
0e83187f09ff39d78a3115dfd890b4f1da88ba41

SHA256
0fa8a679584d2190519297143be0bc4c4bfd0e9e2757bd48276cbac48e3fd818

SHA512
8d854b94d3733ee8778bafb0816aa44c66bbf87c6b1eedb56eccaea8d9548c6a28daec87a6458a2747a9053fef117d4eb8c774bfbf12cf6dde5ab35b87cd0ad0

Download Submit
memory/1100-14-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1100-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1100-16-0x0000000001CF0000-0x0000000001E21000-memory.dmp

Filesize
1.2MB

Download
memory/1100-21-0x00000000055E0000-0x0000000005802000-memory.dmp

Filesize
2.1MB

Download
memory/1100-22-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1100-29-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2272-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2272-1-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2272-2-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2272-3-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2272-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download