a65bdea83025d85268ab92ad1a7f3934078b5c66bdd0c36ec031d569f4a932dc

Analysis

max time kernel
140s
max time network
81s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 07:34

Target

431ea7329641e8a9e9bbdddb9071770e.exe
Size

5.8MB
MD5

431ea7329641e8a9e9bbdddb9071770e
SHA1

d86be14425fea05c2ec4563191a809d0a667ba78
SHA256

a65bdea83025d85268ab92ad1a7f3934078b5c66bdd0c36ec031d569f4a932dc
SHA512

ce415699ab27914cf750890c74aec14f314ed2575dfe1fd03bbe60c5c6552e158173f5970822b0d7e6b6d879d26d531590f9028356ef7325c40a0946aa8004f0
SSDEEP

98304:5w9MhsvF4HBUCczzM3iIioC/1vCNv4HBUCczzM3:5w9Miv+WC9ANvigWC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1388	431ea7329641e8a9e9bbdddb9071770e.exe

Executes dropped EXE 1 IoCs

pid	Process
1388	431ea7329641e8a9e9bbdddb9071770e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2384-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/1388-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000d00000002315a-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2384	431ea7329641e8a9e9bbdddb9071770e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2384	431ea7329641e8a9e9bbdddb9071770e.exe
1388	431ea7329641e8a9e9bbdddb9071770e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 1388	2384	431ea7329641e8a9e9bbdddb9071770e.exe	16
PID 2384 wrote to memory of 1388	2384	431ea7329641e8a9e9bbdddb9071770e.exe	16
PID 2384 wrote to memory of 1388	2384	431ea7329641e8a9e9bbdddb9071770e.exe	16

C:\Users\Admin\AppData\Local\Temp\431ea7329641e8a9e9bbdddb9071770e.exe

Filesize
29KB

MD5
4712f59493b181bd1ef1acd693c608aa

SHA1
31274d056aefb32af56e40c4361d12edadcb28a1

SHA256
27c58a368937d0fd5289bc913ad0b65ab0a5a2b6b0e68f6718f2febe6b1ce6ca

SHA512
9d6fcabe85ee48475904d8e82362f6b6821197d3fb9c19740e54bc81d90c449bcde4998e1694dc89048350c94e6fc3438697c4522b28e25aa2ad3123e1e623c8

Download Submit
memory/1388-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1388-16-0x0000000001D70000-0x0000000001EA3000-memory.dmp

Filesize
1.2MB

Download
memory/1388-22-0x0000000005670000-0x000000000589A000-memory.dmp

Filesize
2.2MB

Download
memory/1388-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1388-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1388-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2384-1-0x0000000001BF0000-0x0000000001D23000-memory.dmp

Filesize
1.2MB

Download
memory/2384-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2384-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2384-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download