92ee4a3949a2b78273e7f5a22d411e3895975b20f1e482ef409c31444b849df0

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 14:21

Target

77965eb6db12a4a4ff7286556b742fec.exe
Size

5.8MB
MD5

77965eb6db12a4a4ff7286556b742fec
SHA1

8808087cda2daefd4bc45c69a706bb219c1a3458
SHA256

92ee4a3949a2b78273e7f5a22d411e3895975b20f1e482ef409c31444b849df0
SHA512

80bbed5f17e2c41d894d6b2227c1668078800b41a7eea7baf26cc04f22da55417c933e0de94242905b511f12ab3ad17f88c6b58e871bfe7f7bcc977f7d7058e5
SSDEEP

98304:OlF73GX+M3IMOY99OHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwv:eM+AIMOY99Eauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2188	77965eb6db12a4a4ff7286556b742fec.exe

Executes dropped EXE 1 IoCs

pid	Process
2188	77965eb6db12a4a4ff7286556b742fec.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2940-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023203-11.dat	upx
behavioral2/memory/2188-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2940	77965eb6db12a4a4ff7286556b742fec.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2940	77965eb6db12a4a4ff7286556b742fec.exe
2188	77965eb6db12a4a4ff7286556b742fec.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2188	2940	77965eb6db12a4a4ff7286556b742fec.exe	86
PID 2940 wrote to memory of 2188	2940	77965eb6db12a4a4ff7286556b742fec.exe	86
PID 2940 wrote to memory of 2188	2940	77965eb6db12a4a4ff7286556b742fec.exe	86

C:\Users\Admin\AppData\Local\Temp\77965eb6db12a4a4ff7286556b742fec.exe

Filesize
5.8MB

MD5
0b7318fe6885149023f66eb9a4f7c4a1

SHA1
47d5eb4de309ac48c22ce910831cebcb5883d1ba

SHA256
9ff96eea392078c9b63cd70055ee0796b71f851c86f7cb1212fd4f8e5dfaecbd

SHA512
d7ef7ee47709b6369cd0d5351863f726ee1c359b706c4eefd5f3e70f077249cb31d8ac7555fdbddac15288826d8cc58b2785c954609986eb5fe9311109eba207

Download Submit
memory/2188-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2188-15-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/2188-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2188-20-0x00000000055F0000-0x000000000581A000-memory.dmp

Filesize
2.2MB

Download
memory/2188-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2188-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2940-1-0x0000000001C90000-0x0000000001DC3000-memory.dmp

Filesize
1.2MB

Download
memory/2940-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2940-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download