713eea9771cd0fefc51af190aef8d3510528fa1a8210518fa8796d6baf816290

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 10:42

Target

7204895fa37d3bdf5251057d3bfc22c5.exe
Size

1.8MB
MD5

7204895fa37d3bdf5251057d3bfc22c5
SHA1

d6833ee61cfa588363b4bffcf0c0e46111ce849f
SHA256

713eea9771cd0fefc51af190aef8d3510528fa1a8210518fa8796d6baf816290
SHA512

90c5d3ef2676d0ec2c38bfa4c9f5ba3e167ccb4265676f7ce9610f97ab9933eed26118abbb5e3cf44e83378ad8de2b30d60e4bb4b3c4a52fd280b4a7b44b63bb
SSDEEP

49152:Gkr8oywQMFw6XUXF8tEomL9M6TIakVbhOwP:tywQc1UXXp9M6TIrthOm

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
972	7204895fa37d3bdf5251057d3bfc22c5.exe

Executes dropped EXE 1 IoCs

pid	Process
972	7204895fa37d3bdf5251057d3bfc22c5.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4388-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023243-12.dat	upx
behavioral2/memory/972-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4388	7204895fa37d3bdf5251057d3bfc22c5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4388	7204895fa37d3bdf5251057d3bfc22c5.exe
972	7204895fa37d3bdf5251057d3bfc22c5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4388 wrote to memory of 972	4388	7204895fa37d3bdf5251057d3bfc22c5.exe	86
PID 4388 wrote to memory of 972	4388	7204895fa37d3bdf5251057d3bfc22c5.exe	86
PID 4388 wrote to memory of 972	4388	7204895fa37d3bdf5251057d3bfc22c5.exe	86

C:\Users\Admin\AppData\Local\Temp\7204895fa37d3bdf5251057d3bfc22c5.exe

Filesize
885KB

MD5
3a8327cb9144ad60978d57d35e7a4acf

SHA1
906d9aab3e8e6e799f2d14f9cce72fe1e2ca3179

SHA256
693f3f728793f4e1d469ea384e19a4b72a8a9be4f9a5d5517246784385386d43

SHA512
cdde76a1a4994d3ba65b9b40b0e07d8925e1e6fb6092d1a5f1e5d73d01cc66793fda2a1dd0472328988b3cd61ade5745d3d292098fede4888ffdb7aae54d18a7

Download Submit
memory/972-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/972-16-0x0000000001E00000-0x0000000001F33000-memory.dmp

Filesize
1.2MB

Download
memory/972-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/972-21-0x0000000005700000-0x000000000592A000-memory.dmp

Filesize
2.2MB

Download
memory/972-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/972-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4388-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4388-1-0x0000000001DB0000-0x0000000001EE3000-memory.dmp

Filesize
1.2MB

Download
memory/4388-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4388-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download