8cbbdfe1afad2002bf8ec3b50d271609eaf77347b8594a6204056727a76a848d

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2024 15:43

Target

77bfd76f445a6dce87e6843502804e33.exe
Size

1.3MB
MD5

77bfd76f445a6dce87e6843502804e33
SHA1

c97cc4c2338238c59ca3f003a9b073cbf9f2a1d3
SHA256

8cbbdfe1afad2002bf8ec3b50d271609eaf77347b8594a6204056727a76a848d
SHA512

e9c60259b69c325f97cc6c473469e8650bf02059b952dd6d364e14f839c38d1dff70b9d007317a11c28b2a467b473799b14ff18151c024a77e98412422a21764
SSDEEP

24576:9t/dAikPXfhMCvUqjeEs0oDBN2m3IMnFnTf6KwcI4iUXl5mAcGU9/9Us:9BdAikPXem00oDn2q9dI4iUjmAcZR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4616	77bfd76f445a6dce87e6843502804e33.exe

Executes dropped EXE 1 IoCs

pid	Process
4616	77bfd76f445a6dce87e6843502804e33.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5036-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x00070000000231f9-11.dat	upx
behavioral2/memory/4616-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5036	77bfd76f445a6dce87e6843502804e33.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5036	77bfd76f445a6dce87e6843502804e33.exe
4616	77bfd76f445a6dce87e6843502804e33.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 4616	5036	77bfd76f445a6dce87e6843502804e33.exe	86
PID 5036 wrote to memory of 4616	5036	77bfd76f445a6dce87e6843502804e33.exe	86
PID 5036 wrote to memory of 4616	5036	77bfd76f445a6dce87e6843502804e33.exe	86

C:\Users\Admin\AppData\Local\Temp\77bfd76f445a6dce87e6843502804e33.exe

Filesize
189KB

MD5
2527df63da553bf7eb58c91b05ff8e82

SHA1
5914c1b1a7d96a4800fcdd46c6dd3e4960cca545

SHA256
7eaf79350e0f2daca40ad66cf5d450da31278d48f7be70a8970a830bd6100262

SHA512
63ed245ca7bc3f611cd300ad7b686ef1c4343c429292bb928dd33828f44863a85f3594cdab35a42951c53848f634ce26efa0ea197c1eedf92a4ce989249f5be4

Download Submit
memory/4616-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4616-15-0x0000000001D80000-0x0000000001EB1000-memory.dmp

Filesize
1.2MB

Download
memory/4616-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4616-20-0x0000000005670000-0x0000000005892000-memory.dmp

Filesize
2.1MB

Download
memory/4616-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4616-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/5036-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/5036-1-0x0000000001C70000-0x0000000001DA1000-memory.dmp

Filesize
1.2MB

Download
memory/5036-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/5036-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download