65bf3e9db02de820042e27e6a89acfb4259635e378ff48f5c266833c5f8c721a

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 10:45

Target

747e077b94ea8c32a6e14bfd9f8ae887.exe
Size

2.7MB
MD5

747e077b94ea8c32a6e14bfd9f8ae887
SHA1

3b1e1f4099a7a0e5a6bbef2a437de1c02b3a237b
SHA256

65bf3e9db02de820042e27e6a89acfb4259635e378ff48f5c266833c5f8c721a
SHA512

71c53749bc7d0f8cb85bbf9c8b6f87c108172e2366150b7dd1fbfdf50cec50bd236a37e135f6b45812be8ad62828a6715c63ed8fd91d443b0437697b4805965d
SSDEEP

49152:6bjKyKQgaKnkbo8nvW3nM40rWTe7gMtGfzb0VMF2Ua4d3IpLfrpiuwCXf:gjytkb/n+3buWStGfidUaiMLDpJXf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4932	747e077b94ea8c32a6e14bfd9f8ae887.exe

Executes dropped EXE 1 IoCs

pid	Process
4932	747e077b94ea8c32a6e14bfd9f8ae887.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3608-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002321a-11.dat	upx
behavioral2/memory/4932-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3608	747e077b94ea8c32a6e14bfd9f8ae887.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3608	747e077b94ea8c32a6e14bfd9f8ae887.exe
4932	747e077b94ea8c32a6e14bfd9f8ae887.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 4932	3608	747e077b94ea8c32a6e14bfd9f8ae887.exe	84
PID 3608 wrote to memory of 4932	3608	747e077b94ea8c32a6e14bfd9f8ae887.exe	84
PID 3608 wrote to memory of 4932	3608	747e077b94ea8c32a6e14bfd9f8ae887.exe	84

C:\Users\Admin\AppData\Local\Temp\747e077b94ea8c32a6e14bfd9f8ae887.exe

Filesize
927KB

MD5
271bb0ef2458a3450825357f4885ed8a

SHA1
88421da35e438abf85b1241163df65b1411cbd1f

SHA256
c0db781194d21c328ba59002812f4a296d286f166f2d2f9924cacf7969025eb7

SHA512
5ba2861ee665cfab011309210cb655e0bdd96b34a378a9f33aef4bb5212359ce1aeb33e2ae28702f654d45aaa8a22678f8fc49429f250ae46d2f9b63ed1c1d4b

Download Submit
memory/3608-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3608-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3608-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3608-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4932-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4932-15-0x0000000001C80000-0x0000000001DB3000-memory.dmp

Filesize
1.2MB

Download
memory/4932-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4932-20-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/4932-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4932-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download