2f0049d5f00318c3c1621fc94fc6bd2048d5a0b298bb5917afb61e644f40c473

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 03:42

Target

5a2f31e3a773d48036f8679580fb49f3.exe
Size

2.9MB
MD5

5a2f31e3a773d48036f8679580fb49f3
SHA1

d73bee7c465c480eb623ab439dfa05d5808f4e55
SHA256

2f0049d5f00318c3c1621fc94fc6bd2048d5a0b298bb5917afb61e644f40c473
SHA512

5db1da39b95553e3589275867dcdd44cefb9a7284019643a45a097d64f38cbb4da85a7a59b4fde5ef414374fe75b02fc618b49ff01c21b968064e14be23ef7ad
SSDEEP

49152:QcEuqR8kPm+ZNN5wgd7Vu+0OVCsKGi9s5K3P4M338dB2IBlGuuDVUsdxxjeQZwxs:QckR8ke+ZN/wge+0OCT/gg3gnl/IVUsn

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
532	5a2f31e3a773d48036f8679580fb49f3.exe

Executes dropped EXE 1 IoCs

pid	Process
532	5a2f31e3a773d48036f8679580fb49f3.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3784-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000d00000002315a-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3784	5a2f31e3a773d48036f8679580fb49f3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3784	5a2f31e3a773d48036f8679580fb49f3.exe
532	5a2f31e3a773d48036f8679580fb49f3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3784 wrote to memory of 532	3784	5a2f31e3a773d48036f8679580fb49f3.exe	87
PID 3784 wrote to memory of 532	3784	5a2f31e3a773d48036f8679580fb49f3.exe	87
PID 3784 wrote to memory of 532	3784	5a2f31e3a773d48036f8679580fb49f3.exe	87

C:\Users\Admin\AppData\Local\Temp\5a2f31e3a773d48036f8679580fb49f3.exe

Filesize
65KB

MD5
1b47f4b61023d9e0845aef455c284111

SHA1
4bc4d2c2d585d0611f31aa7e5c00585eb409fe53

SHA256
6fcb5f5d53a80be9f0a253addae2d7a8683537e18379c27101f990ba2879211a

SHA512
7853ba868e50d3fde3ed0f90c9030eb66b917bfca50f60a6b68dbad66cab2fbbd0538e8c3b8b7701e510733b70d2b63aef2a5ca59c16d9d8f3fd6807f079d385

Download Submit
memory/532-13-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/532-17-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/532-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/532-21-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/532-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/532-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3784-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3784-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3784-1-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/3784-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download