31cd0013ba9c690cd6b8aa2932febdd5cfa2730230b7f02194f108a6f231716b

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 04:33

Target

76650b353d0580bbfd603c9bb2114332.exe
Size

2.7MB
MD5

76650b353d0580bbfd603c9bb2114332
SHA1

61cc0503f56fb288cf9247e3099c69d5cb7cbd50
SHA256

31cd0013ba9c690cd6b8aa2932febdd5cfa2730230b7f02194f108a6f231716b
SHA512

c10293e813dd59bd399f748c7e553664140cdeed0ca0381717901b8ef30d31d9d02e314fb2ab2040a6a6293eaca02c3f98fae47ee00c4c6e289c47e7980e48e9
SSDEEP

49152:J/7dbg3R6vljIy4siTzKBAztN10f8gzJ7agmdDT1ZgUbFYUWrMAYoR6RWrP2y/XK:J/7d5LiCBAzNW8gzJ+TdD59bFYEnoR65

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4584	76650b353d0580bbfd603c9bb2114332.exe

Executes dropped EXE 1 IoCs

pid	Process
4584	76650b353d0580bbfd603c9bb2114332.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5036-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023207-11.dat	upx
behavioral2/memory/4584-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5036	76650b353d0580bbfd603c9bb2114332.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5036	76650b353d0580bbfd603c9bb2114332.exe
4584	76650b353d0580bbfd603c9bb2114332.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 4584	5036	76650b353d0580bbfd603c9bb2114332.exe	54
PID 5036 wrote to memory of 4584	5036	76650b353d0580bbfd603c9bb2114332.exe	54
PID 5036 wrote to memory of 4584	5036	76650b353d0580bbfd603c9bb2114332.exe	54

C:\Users\Admin\AppData\Local\Temp\76650b353d0580bbfd603c9bb2114332.exe

Filesize
813KB

MD5
acfc978801a41b277cf9f49537a98e6b

SHA1
cd2d5ccd2cba5e4b09792d61fe8b6508e600ec40

SHA256
1ab1a24eb2342090864ccad7f52c8215707ee7bbd0cabc5d0edb4590ab93ee29

SHA512
01fc49a45ae58b855a9d897f531b458cf99f8e663ead2c84d9e6e8b9cd9f55fde8d165fac4e229e68972059fd90da178bbded179477ed15ed671b68fd36a78c5

Download Submit
memory/4584-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4584-15-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/4584-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4584-20-0x0000000005620000-0x000000000584A000-memory.dmp

Filesize
2.2MB

Download
memory/4584-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4584-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5036-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5036-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5036-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5036-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download