41267175386f849b21b4d613e0992d040051c0f64d855d8587a7ad4141e93b20

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2024 23:04

Target

78a0ab7c851c03345467603c1f344c27.exe
Size

1.5MB
MD5

78a0ab7c851c03345467603c1f344c27
SHA1

3a7e1626d222ea5ced8726cbbf862ed56b897ffa
SHA256

41267175386f849b21b4d613e0992d040051c0f64d855d8587a7ad4141e93b20
SHA512

e7e3d764cbe75c2a676131fe1f1e7d15a45058489b579adf391de2dac06f3b4c1b0b2ff77f447fa681135f461559cf6e249467512900ce3c35477f6d4fa493bf
SSDEEP

24576:7aQ6A1WXFGyAF/IRYfKo8/Ondw9NwDXl+zMYAPpruxfIg+XJtDXW:6AIMMRQ8/H4DAIZruRIg+5ZX

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3732	78a0ab7c851c03345467603c1f344c27.exe

Executes dropped EXE 1 IoCs

pid	Process
3732	78a0ab7c851c03345467603c1f344c27.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2556-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000231f5-11.dat	upx
behavioral2/memory/3732-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2556	78a0ab7c851c03345467603c1f344c27.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2556	78a0ab7c851c03345467603c1f344c27.exe
3732	78a0ab7c851c03345467603c1f344c27.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 3732	2556	78a0ab7c851c03345467603c1f344c27.exe	84
PID 2556 wrote to memory of 3732	2556	78a0ab7c851c03345467603c1f344c27.exe	84
PID 2556 wrote to memory of 3732	2556	78a0ab7c851c03345467603c1f344c27.exe	84

C:\Users\Admin\AppData\Local\Temp\78a0ab7c851c03345467603c1f344c27.exe

Filesize
672KB

MD5
f4be68b7ddbddd625cc72abb7c8f8e7a

SHA1
4cdf9672dd4a92b59f8d0ee968bbde21228b37a7

SHA256
0af0cab3a0508f2a9a214c989663468eacac50ede27aa4bf1493156448ec4ac5

SHA512
b21bbb304d28477dba55005f13def2f249fa40e86ace1b5acf1341da0c42a4a078b14af50f8a27f6882b71efe9e757af59e630b2f87ec9963a10c8a6b137d1f1

Download Submit
memory/2556-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2556-1-0x0000000001D90000-0x0000000001EC3000-memory.dmp

Filesize
1.2MB

Download
memory/2556-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2556-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3732-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3732-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3732-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3732-21-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/3732-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3732-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download