0d0cbe7d1a29d5a3e2897e2988c2834f32dc92fd5565d4f694c3d31a48c6da2e

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 14:20

Target

7a78f5d9d6b120146b6dd9d542a4f26d.exe
Size

1.5MB
MD5

7a78f5d9d6b120146b6dd9d542a4f26d
SHA1

fef83865398c63c755fbbc2ff4e9b39b2861e696
SHA256

0d0cbe7d1a29d5a3e2897e2988c2834f32dc92fd5565d4f694c3d31a48c6da2e
SHA512

9b630400c4d2a81ad94d46478105511aaa4026ece73c453932925f1fb6dd13010defd9b75ad3b8116d2d5185535d643d1af0cbcffb173a8ce2ef69747ee90a88
SSDEEP

24576:wjo4uvgEvngmJzlsr4R64flxs7UKbJ3Dn8ftKdGlqhGb3IwAKh+W:wqv9ls0Rbf0NpgUngb3IwAKk

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5080	7a78f5d9d6b120146b6dd9d542a4f26d.exe

Executes dropped EXE 1 IoCs

pid	Process
5080	7a78f5d9d6b120146b6dd9d542a4f26d.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4792-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000231fd-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4792	7a78f5d9d6b120146b6dd9d542a4f26d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4792	7a78f5d9d6b120146b6dd9d542a4f26d.exe
5080	7a78f5d9d6b120146b6dd9d542a4f26d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4792 wrote to memory of 5080	4792	7a78f5d9d6b120146b6dd9d542a4f26d.exe	57
PID 4792 wrote to memory of 5080	4792	7a78f5d9d6b120146b6dd9d542a4f26d.exe	57
PID 4792 wrote to memory of 5080	4792	7a78f5d9d6b120146b6dd9d542a4f26d.exe	57

C:\Users\Admin\AppData\Local\Temp\7a78f5d9d6b120146b6dd9d542a4f26d.exe

Filesize
136KB

MD5
1478147063f12a2ae0d9fd6f85a43c70

SHA1
07ae8365c472f6190827da7ab7a2c6e2d4e20f73

SHA256
1ce049282e0896c3ae412e953f0ad2b85a25344b2dc6ef19359c5065b2ff5bc1

SHA512
f306ffb94633add29240aa78feece5565fd0f79a4626d524b665481befd09a5035e9cb50aa4b6f3ef43b8c964e561153970d41c1883937fdd5a44330fda2e723

Download Submit
memory/4792-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4792-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4792-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4792-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5080-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5080-13-0x0000000001CD0000-0x0000000001E03000-memory.dmp

Filesize
1.2MB

Download
memory/5080-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5080-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5080-20-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/5080-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download