29b79e9553131e4866906744ed07a5896b622095376d0fe553934fa699b8f3a1

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2024 04:29

Target

766293eec2c624416a326e3f10434eca.exe
Size

1.3MB
MD5

766293eec2c624416a326e3f10434eca
SHA1

dd79dc64fdc9828bf3178cf3684cfa6f155dce90
SHA256

29b79e9553131e4866906744ed07a5896b622095376d0fe553934fa699b8f3a1
SHA512

146267f8e6f096f4a6b9ec7d0e893cb48fd79e64726a8ee2f28b9d7718cbd5a697efdf09fcf5e48efe83d814118d07762fd05695bf79e09cdad159e4c797f93a
SSDEEP

24576:KX4nwvufwfxGkfIV3uYkH2tFWe9KNUQ2CIX3mBt8vUAdDr2KhriOWc:KX4nwvuIUMXegNOmoUAxr2KliOp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3732	766293eec2c624416a326e3f10434eca.exe

Executes dropped EXE 1 IoCs

pid	Process
3732	766293eec2c624416a326e3f10434eca.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1892-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000231fb-11.dat	upx
behavioral2/memory/3732-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1892	766293eec2c624416a326e3f10434eca.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1892	766293eec2c624416a326e3f10434eca.exe
3732	766293eec2c624416a326e3f10434eca.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 3732	1892	766293eec2c624416a326e3f10434eca.exe	85
PID 1892 wrote to memory of 3732	1892	766293eec2c624416a326e3f10434eca.exe	85
PID 1892 wrote to memory of 3732	1892	766293eec2c624416a326e3f10434eca.exe	85

C:\Users\Admin\AppData\Local\Temp\766293eec2c624416a326e3f10434eca.exe

Filesize
489KB

MD5
eac4b38b025edff0d0dabfe1e21bb688

SHA1
9bdadced9ba0df819fd5caf3b7a22b976e6ad15d

SHA256
75319db31526fe2fb6dc217835452a09b16cf42aea97da25e59baa224247f6bd

SHA512
549275ca7599b401be16ef937c70cb7322a8f5cf01febb624d6892e9998d202f69db820b76e75dfc4f310ee7214022907aed7e6ba75c8fa83314ee5a395af0b9

Download Submit
memory/1892-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1892-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1892-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1892-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3732-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3732-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3732-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3732-20-0x0000000005520000-0x000000000574A000-memory.dmp

Filesize
2.2MB

Download
memory/3732-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3732-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download