f3f87736fcf9ac05ab90a3a6586995d3f60e80f388c7920586a6c9b271aae316

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 10:10

Target

562be401fe139c44bc66f07c1bffa5bd.exe
Size

2.9MB
MD5

562be401fe139c44bc66f07c1bffa5bd
SHA1

bd5978066b91a0d74e5b889387c455e60dbc72a6
SHA256

f3f87736fcf9ac05ab90a3a6586995d3f60e80f388c7920586a6c9b271aae316
SHA512

9565b337eb6b3494a5c221fd69dcd1cafdce10be492207a50902c6b73959317d65a4f73a096294d2b2271758a52f3f06e646f28915b6bfb7777a39b5fc505c85
SSDEEP

49152:Qk21E9W2c+8JmdW5JNN4OCTY2nS4QAZnoE9Baj8BBT4SfcsUjoh48TyMPkXdwkyZ:lW2P8JmOuDUf4fZnoEHau42c1joCjMP3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2588	562be401fe139c44bc66f07c1bffa5bd.exe

Executes dropped EXE 1 IoCs

pid	Process
2588	562be401fe139c44bc66f07c1bffa5bd.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4928-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000a000000023034-11.dat	upx
behavioral2/memory/2588-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4928	562be401fe139c44bc66f07c1bffa5bd.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4928	562be401fe139c44bc66f07c1bffa5bd.exe
2588	562be401fe139c44bc66f07c1bffa5bd.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 2588	4928	562be401fe139c44bc66f07c1bffa5bd.exe	93
PID 4928 wrote to memory of 2588	4928	562be401fe139c44bc66f07c1bffa5bd.exe	93
PID 4928 wrote to memory of 2588	4928	562be401fe139c44bc66f07c1bffa5bd.exe	93

C:\Users\Admin\AppData\Local\Temp\562be401fe139c44bc66f07c1bffa5bd.exe

Filesize
2.9MB

MD5
5f0861d6ac04defb660a5e6f7ace3d7a

SHA1
a3bed708ac813fa8850644494bf3e25b3f073555

SHA256
18e914280cd18b10b5dc8c48103907a295a5d826f659add8bc4d848ce8334fc9

SHA512
a61f6b154e65b70a5a47145de5251d910f67724082b5ffb7b614bf59ef53575b49e7a1a0579331759f54c73bdb9ed76c7ab053312061a1b012930f63ccf3f82f

Download Submit
memory/2588-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2588-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2588-15-0x0000000001DA0000-0x0000000001ED3000-memory.dmp

Filesize
1.2MB

Download
memory/2588-20-0x00000000056A0000-0x00000000058CA000-memory.dmp

Filesize
2.2MB

Download
memory/2588-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2588-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4928-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4928-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4928-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4928-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download