c31dcd728d6b8803c61d7bd0833943461cdf3708352e4fbc632d5b82e89259b7

Analysis

max time kernel
148s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 06:25

Target

42fae771030963bfade57fc048d80be0.exe
Size

5.3MB
MD5

42fae771030963bfade57fc048d80be0
SHA1

a2ce532edc11f99034ce541a7f9ae64568e5345b
SHA256

c31dcd728d6b8803c61d7bd0833943461cdf3708352e4fbc632d5b82e89259b7
SHA512

cebbb5783c06052f68eacf529e72422c045b35c2b5c1ae7ff423cb1a7a52c5f3aab6df91b313acec4a6e4965e6ac768c806ecb5b48a3a22194733d49f053e19c
SSDEEP

98304:j1AvB7aVyBgm51JfbDl/0TdcY5oysoB+bmPtJfbDl/:j07aVO5vf5xYqq9Hf5

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1896	42fae771030963bfade57fc048d80be0.exe

Executes dropped EXE 1 IoCs

pid	Process
1896	42fae771030963bfade57fc048d80be0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1896-16-0x0000000000400000-0x000000000086A000-memory.dmp	upx
behavioral2/files/0x000300000001e982-13.dat	upx
behavioral2/memory/2896-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2896	42fae771030963bfade57fc048d80be0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2896	42fae771030963bfade57fc048d80be0.exe
1896	42fae771030963bfade57fc048d80be0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 1896	2896	42fae771030963bfade57fc048d80be0.exe	18
PID 2896 wrote to memory of 1896	2896	42fae771030963bfade57fc048d80be0.exe	18
PID 2896 wrote to memory of 1896	2896	42fae771030963bfade57fc048d80be0.exe	18

C:\Users\Admin\AppData\Local\Temp\42fae771030963bfade57fc048d80be0.exe

Filesize
10KB

MD5
73085c9047e7068d06506f7acf2d7087

SHA1
0d69b6e7760f05bc7c8fb0977d5d47f2bc47d8fe

SHA256
5551e5cfaf3be2090d304b0096292873f74c4bd7b417b63396545b17c687103e

SHA512
52d2322c4dd85a4b9366163b04b8d590df8e07009dfa963d44286aac53401e714fb6c440ebc21c47049658d3d5e3822076715a45bc78dcad3c6640bdf01b6574

Download Submit
memory/1896-16-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/1896-19-0x0000000001870000-0x0000000001982000-memory.dmp

Filesize
1.1MB

Download
memory/1896-14-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/1896-24-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2896-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2896-1-0x0000000001870000-0x0000000001982000-memory.dmp

Filesize
1.1MB

Download
memory/2896-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2896-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download