a972027264eebea9d9c1c2242115e80edd581572ba6614e7fdefa789b7b45c52

Analysis

max time kernel
134s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 10:44

Target

747d66d0e1bf70f3d469fce467df72a9.exe
Size

1.3MB
MD5

747d66d0e1bf70f3d469fce467df72a9
SHA1

5864d829d4b029db263f46b02277894c091efb24
SHA256

a972027264eebea9d9c1c2242115e80edd581572ba6614e7fdefa789b7b45c52
SHA512

e6d07149c835378dae2aaf729018a1f6cf5b57ebeaacf44733ee951867fd097bd1c10720a53527958c8c45cf3ec754a5c464400c761222754472af0fd3592462
SSDEEP

24576:lPzhBYN78bXJILlRh9/28l6EPJyYIe8JCpyoQgxdCDmV5Pmeir9MYT1jDHdLNWc:l9BEVxHo8l6EP0Yz6qyo7DBmeeXzJNp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4912	747d66d0e1bf70f3d469fce467df72a9.exe

Executes dropped EXE 1 IoCs

pid	Process
4912	747d66d0e1bf70f3d469fce467df72a9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2148-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000e00000002315f-11.dat	upx
behavioral2/memory/4912-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2148	747d66d0e1bf70f3d469fce467df72a9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2148	747d66d0e1bf70f3d469fce467df72a9.exe
4912	747d66d0e1bf70f3d469fce467df72a9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 4912	2148	747d66d0e1bf70f3d469fce467df72a9.exe	87
PID 2148 wrote to memory of 4912	2148	747d66d0e1bf70f3d469fce467df72a9.exe	87
PID 2148 wrote to memory of 4912	2148	747d66d0e1bf70f3d469fce467df72a9.exe	87

C:\Users\Admin\AppData\Local\Temp\747d66d0e1bf70f3d469fce467df72a9.exe

Filesize
308KB

MD5
330fd39964cfa9ef19c9c557fe5f810d

SHA1
77b5b5176b2e51e79f05be101705e1efe7fa0504

SHA256
f348f9d98fccd38eb7f5421fc89edb6fda9b5a7b551f2b6ef5ecb62b627c6e97

SHA512
cf6d8c41bff345bd63acdef75651643d313524cb9381e7b3116a37289ff91519f38672829fdbf53dd9c5a539011a5a7c689c289dab4f8aea29dc80a501d68215

Download Submit
memory/2148-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2148-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2148-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2148-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4912-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4912-16-0x0000000001D60000-0x0000000001E93000-memory.dmp

Filesize
1.2MB

Download
memory/4912-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4912-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4912-22-0x0000000005660000-0x000000000588A000-memory.dmp

Filesize
2.2MB

Download
memory/4912-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download