af328083dc07cd4e3e34e3836b47ba46e375512d1c1b958674085705bc04f8ad

Analysis

max time kernel
137s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2024 10:29

Target

71fe4a92055488c60ac869b6665a12f6.exe
Size

1.3MB
MD5

71fe4a92055488c60ac869b6665a12f6
SHA1

2a1086600a0e25ce251abc382e17c2116d1d614c
SHA256

af328083dc07cd4e3e34e3836b47ba46e375512d1c1b958674085705bc04f8ad
SHA512

4e08e475f5f89797f586d9e3c12824925bc2f04db4ec96ce279a71ceb90851417814369398665a78d216e31dedee83a4ea0769f29ebaa3303a2c6ad2765ffd19
SSDEEP

24576:ka5vMFQHf2MHGpGwA3L4i+CpEoXc4HGO2Vbu6CmKIbVLhmDLjFlU9/9Us:HMWHnGa3LjrF2VbfCmKIbVLhSLj8R9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2420	71fe4a92055488c60ac869b6665a12f6.exe

Executes dropped EXE 1 IoCs

pid	Process
2420	71fe4a92055488c60ac869b6665a12f6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4912-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000b00000002301d-11.dat	upx
behavioral2/memory/2420-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4912	71fe4a92055488c60ac869b6665a12f6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4912	71fe4a92055488c60ac869b6665a12f6.exe
2420	71fe4a92055488c60ac869b6665a12f6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 2420	4912	71fe4a92055488c60ac869b6665a12f6.exe	88
PID 4912 wrote to memory of 2420	4912	71fe4a92055488c60ac869b6665a12f6.exe	88
PID 4912 wrote to memory of 2420	4912	71fe4a92055488c60ac869b6665a12f6.exe	88

C:\Users\Admin\AppData\Local\Temp\71fe4a92055488c60ac869b6665a12f6.exe

Filesize
1.3MB

MD5
c31d6968cef5d4ba7c367d27aff2cf39

SHA1
34a17a83dffb7c2426e6ab30b1afc36f609bc6f7

SHA256
ce76ed57adb071b0ecb88fcf3ca7dd785f7973fd9b81c482e7bec80eda626c86

SHA512
b199640ab2b37be426e70451f5ff9bfab72f88cfb9b0536b09df6581e82271d2a83e4892d45fa310fd048d8594efa23db7cf8d18473b8d83b1b0fb762c776ed6

Download Submit
memory/2420-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2420-15-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2420-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2420-20-0x0000000005710000-0x0000000005932000-memory.dmp

Filesize
2.1MB

Download
memory/2420-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2420-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4912-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4912-1-0x0000000001CF0000-0x0000000001E21000-memory.dmp

Filesize
1.2MB

Download
memory/4912-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4912-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download