c2b31303ca9d553dc2227959c4e9ed9b0d13869935201dc7a2f00093abbe19d7

Analysis

max time kernel
95s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 22:18

Target

75a70e93c4b39e1b656db561301c9e4c.exe
Size

1.3MB
MD5

75a70e93c4b39e1b656db561301c9e4c
SHA1

a029c8f1bc5d3878c7d3d62f11c5b1f387acf39b
SHA256

c2b31303ca9d553dc2227959c4e9ed9b0d13869935201dc7a2f00093abbe19d7
SHA512

56c2efbf412aec4556cdb192d3f042d202c737a7895d7a500414599c0686c69acf5ffe94b16e4caec1a22520a86e435da92acd2cb069740eb7197462702e6d18
SSDEEP

24576:I+Zoypl69vrxEVe9+be57aPfhJoz/jOuw3a1k0O8wvFD1VywkEFMWc:B6yQufKQPfhezRFkZ8sFehp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1864	75a70e93c4b39e1b656db561301c9e4c.exe

Executes dropped EXE 1 IoCs

pid	Process
1864	75a70e93c4b39e1b656db561301c9e4c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1864-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002321e-11.dat	upx
behavioral2/memory/4808-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4808	75a70e93c4b39e1b656db561301c9e4c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4808	75a70e93c4b39e1b656db561301c9e4c.exe
1864	75a70e93c4b39e1b656db561301c9e4c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 1864	4808	75a70e93c4b39e1b656db561301c9e4c.exe	91
PID 4808 wrote to memory of 1864	4808	75a70e93c4b39e1b656db561301c9e4c.exe	91
PID 4808 wrote to memory of 1864	4808	75a70e93c4b39e1b656db561301c9e4c.exe	91

C:\Users\Admin\AppData\Local\Temp\75a70e93c4b39e1b656db561301c9e4c.exe

Filesize
67KB

MD5
486ae6126d3de417e5a632fa8167df83

SHA1
fe0853f1c6863cec714772fbeacfe4b0b97b738a

SHA256
6152df002b43cfdb6517ddad33f5e54992f511be4d534ac265c09c486f92c28c

SHA512
77a1dbb3bfaf84a101a186976b8f251daeacef42fef9721fedc05f1d6573f509c6020625f87620b8a48fa33fa72a3bcd8387fdc666da78f45f7a2b9ec32f2259

Download Submit
memory/1864-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1864-20-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/1864-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1864-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1864-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1864-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4808-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4808-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4808-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4808-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download