a4fb3723c24c20ebd4e68e52f3c140e9b9a2e7f306e01d89f5ea977482d72382

Analysis

max time kernel
92s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 12:19

Target

7a3affe99794fc37d8656a4829a0cf6a.exe
Size

10.1MB
MD5

7a3affe99794fc37d8656a4829a0cf6a
SHA1

5c924e0dc848ebf9f01a98e37485298d9d0c114b
SHA256

a4fb3723c24c20ebd4e68e52f3c140e9b9a2e7f306e01d89f5ea977482d72382
SHA512

0a95fcbaf67ba1b9c282bd3974ce190bc90001eef17257f702f7efcb68a3db11948c8c4b1688e77da71db8c24cc265456d9401df5d929b1a89ed806483a55cfe
SSDEEP

196608:h7Ta1FWC7NLhjqwfAWCO+EpWC7NLhjqwfAWCi:dTaXZjj+NEpZjj+A

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4612	7a3affe99794fc37d8656a4829a0cf6a.exe

Executes dropped EXE 1 IoCs

pid	Process
4612	7a3affe99794fc37d8656a4829a0cf6a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2396-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000a000000023007-12.dat	upx
behavioral2/memory/4612-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2396	7a3affe99794fc37d8656a4829a0cf6a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2396	7a3affe99794fc37d8656a4829a0cf6a.exe
4612	7a3affe99794fc37d8656a4829a0cf6a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 4612	2396	7a3affe99794fc37d8656a4829a0cf6a.exe	88
PID 2396 wrote to memory of 4612	2396	7a3affe99794fc37d8656a4829a0cf6a.exe	88
PID 2396 wrote to memory of 4612	2396	7a3affe99794fc37d8656a4829a0cf6a.exe	88

C:\Users\Admin\AppData\Local\Temp\7a3affe99794fc37d8656a4829a0cf6a.exe

Filesize
10.1MB

MD5
0081a6cf98ab6fb0e599a15081b0a80e

SHA1
acd65167ac91a5c6cd53411c4881a73ec34708e1

SHA256
bc2ac8a5394905b6fad526bd077d026a5262ef6c52947e3f459ef8a334584c65

SHA512
1a56ec61eff88d60724c145900c96219deaedd2d48cffcd424296af6a1e647b8b93c107588e0a5db6a75d65b904403a369757887d8135128cab7a14eb8a90354

Download Submit
memory/2396-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2396-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2396-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2396-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4612-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4612-15-0x0000000001C50000-0x0000000001D83000-memory.dmp

Filesize
1.2MB

Download
memory/4612-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4612-21-0x0000000005550000-0x000000000577A000-memory.dmp

Filesize
2.2MB

Download
memory/4612-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4612-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download