c1a19c3e018c7bad61e5c2aca911775823a7dbd3fd6eb57aec5b0cdf9bc3ec62

Analysis

max time kernel
127s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 13:16

Target

7a59debdabf88d67201909a748524e0c.exe
Size

2.7MB
MD5

7a59debdabf88d67201909a748524e0c
SHA1

a3f67f0c9e62c86e3f91b5bba9c2078262e1696b
SHA256

c1a19c3e018c7bad61e5c2aca911775823a7dbd3fd6eb57aec5b0cdf9bc3ec62
SHA512

fc10331ae6c06de0662e929bd7648245b4c6b7c03b54f601deabae514f47f3344ea598446ebb0f7a5fae809937ea63312a8e2390539ed3b3b76accfeb996b046
SSDEEP

49152:oCgFz0lip5GRSglBLycTVmeR94T7DkKUx6/KkbNgBVOuSSkFXc+LVpfR9j:oCWxp0RSglBWfeHs7zU8ykbNkYuVkZLL

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4932	7a59debdabf88d67201909a748524e0c.exe

Executes dropped EXE 1 IoCs

pid	Process
4932	7a59debdabf88d67201909a748524e0c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4640-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000c000000023156-11.dat	upx
behavioral2/memory/4932-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4640	7a59debdabf88d67201909a748524e0c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4640	7a59debdabf88d67201909a748524e0c.exe
4932	7a59debdabf88d67201909a748524e0c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 4932	4640	7a59debdabf88d67201909a748524e0c.exe	22
PID 4640 wrote to memory of 4932	4640	7a59debdabf88d67201909a748524e0c.exe	22
PID 4640 wrote to memory of 4932	4640	7a59debdabf88d67201909a748524e0c.exe	22

C:\Users\Admin\AppData\Local\Temp\7a59debdabf88d67201909a748524e0c.exe

Filesize
116KB

MD5
e9bd857462e3301b5cab153f5da51b10

SHA1
74489f7752b15bdc18526770fdeb6d6862f39a14

SHA256
321b318307e924f54da1ab985a7a2504778e49e31d76d0f04cb6d9cabd537117

SHA512
c8d3584cb2deeb7c40f9240f1281fbb7b57f1600bce4e659362024d1b20d96aafb54d5e1ee1a51a959e3e566fb71ccf790a3f05813f17de015e04ca1134d592d

Download Submit
memory/4640-1-0x0000000001C80000-0x0000000001DB1000-memory.dmp

Filesize
1.2MB

Download
memory/4640-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4640-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4640-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4932-14-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4932-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4932-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4932-20-0x0000000005590000-0x00000000057B2000-memory.dmp

Filesize
2.1MB

Download
memory/4932-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4932-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download