8afed99cc5d88ec76db6a9b5d84e1c3491a9154bea07034dd58a05dde0c58ac2

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 04:02

Target

7654c909bcf32676e7c8dbb88dd0082b.exe
Size

1.3MB
MD5

7654c909bcf32676e7c8dbb88dd0082b
SHA1

e8b4cbb7c6e34209431064b0a2013e0e4249eeb1
SHA256

8afed99cc5d88ec76db6a9b5d84e1c3491a9154bea07034dd58a05dde0c58ac2
SHA512

20256b9bee2abdf4f5c3c7d57f2ed798a804ed347c6b5b72ea18a2d5dbcb46354e919aeca8ab871c548fa15e70bf2c073ea30986f0ddf0ec240db3b25e6f82f2
SSDEEP

24576:XpB/YfZ1szVK+jJl1aOhSFAZgq6ngisbrPseTD+6HHqTD1SyECq4TdHZWKJXJ2UD:5BYZ1szZrhwA2q6gisPB7uD1nLZWKJnD

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4396	7654c909bcf32676e7c8dbb88dd0082b.exe

Executes dropped EXE 1 IoCs

pid	Process
4396	7654c909bcf32676e7c8dbb88dd0082b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4520-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0006000000023243-11.dat	upx
behavioral2/memory/4396-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4520	7654c909bcf32676e7c8dbb88dd0082b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4520	7654c909bcf32676e7c8dbb88dd0082b.exe
4396	7654c909bcf32676e7c8dbb88dd0082b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 4396	4520	7654c909bcf32676e7c8dbb88dd0082b.exe	87
PID 4520 wrote to memory of 4396	4520	7654c909bcf32676e7c8dbb88dd0082b.exe	87
PID 4520 wrote to memory of 4396	4520	7654c909bcf32676e7c8dbb88dd0082b.exe	87

C:\Users\Admin\AppData\Local\Temp\7654c909bcf32676e7c8dbb88dd0082b.exe

Filesize
312KB

MD5
952341039da47a954d30043cc50f7012

SHA1
d8229d32f766afb645fdc96cffa6140ebeeb9faa

SHA256
6e0c63b12fd30f2ddfe195b2b6e14f0a1928be6234a54a63afdd4dcbd1ffff8e

SHA512
0576b08faac3f4517cb81f52b7175a8fbccd84f8a3cef2ab9d0b67ded22f71381f48453f81beddf07403464ef5ee3a50cb059ee5df3a54a87aeba9dc653d9b3e

Download Submit
memory/4396-14-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4396-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4396-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4396-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4396-20-0x0000000005540000-0x0000000005762000-memory.dmp

Filesize
2.1MB

Download
memory/4396-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4520-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4520-1-0x0000000001CB0000-0x0000000001DE1000-memory.dmp

Filesize
1.2MB

Download
memory/4520-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4520-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download