2a9ea8d5aef32276b31cd81d59eb9e82573f5d11d08442bb150b0ee8809b17a7

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 14:40

Target

58f7cca4132b606fd7bbfe36fa83c775.exe
Size

1.3MB
MD5

58f7cca4132b606fd7bbfe36fa83c775
SHA1

a2b0e9a63e2b5b470d204e58fea7c45f62993feb
SHA256

2a9ea8d5aef32276b31cd81d59eb9e82573f5d11d08442bb150b0ee8809b17a7
SHA512

30d5f6f4271f012d504705f389a783ffefae5afa840b9c119540d95802681433bb21ef9bdd442a129dd59f895e2901148833160f5e75fdc231b1c3abd8cbb88f
SSDEEP

24576:nsmSmTiluvKC+PUkqlT73Zz99iUP4N4ZdiZ+Zur2U9/9Us:nF2UkU+4ZdZZurpR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4800	58f7cca4132b606fd7bbfe36fa83c775.exe

Executes dropped EXE 1 IoCs

pid	Process
4800	58f7cca4132b606fd7bbfe36fa83c775.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4036-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000600000001e5df-11.dat	upx
behavioral2/memory/4800-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4036	58f7cca4132b606fd7bbfe36fa83c775.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4036	58f7cca4132b606fd7bbfe36fa83c775.exe
4800	58f7cca4132b606fd7bbfe36fa83c775.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4036 wrote to memory of 4800	4036	58f7cca4132b606fd7bbfe36fa83c775.exe	27
PID 4036 wrote to memory of 4800	4036	58f7cca4132b606fd7bbfe36fa83c775.exe	27
PID 4036 wrote to memory of 4800	4036	58f7cca4132b606fd7bbfe36fa83c775.exe	27

C:\Users\Admin\AppData\Local\Temp\58f7cca4132b606fd7bbfe36fa83c775.exe

Filesize
177KB

MD5
a9075600d800632f2f1a4fb32bfc9965

SHA1
af4559cdc46767a4a72fb20bb237522c09ff0402

SHA256
4e46080f8b6fa2682344d64dc15e92586b6651cdcbe416926ee8ab833f0bad04

SHA512
babff367cf58041e1ceb68f3099191674f175f2ee9ea671218522dce430b370a71c9d5e6251e72734ca205df9e8cadb12611d462d442065b814d35eec8d42748

Download Submit
memory/4036-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4036-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4036-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4036-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4800-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4800-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4800-16-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4800-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4800-22-0x00000000055D0000-0x00000000057F2000-memory.dmp

Filesize
2.1MB

Download
memory/4800-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download