672d689dbfa1b4a3ce68444c0bda9ebbd7b4d6289a17887ebc60d8913c1965f6

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 22:58

Target

7e3add20dfc848c75d0255d724f5946c.exe
Size

5.8MB
MD5

7e3add20dfc848c75d0255d724f5946c
SHA1

8f30a964fdd3c7ffe585cc3564ac1e77862daed8
SHA256

672d689dbfa1b4a3ce68444c0bda9ebbd7b4d6289a17887ebc60d8913c1965f6
SHA512

b976015c0d7d10522c9e38e8459f0079749b9d135373b94c56babe70657ede70c165093f348684fb12bd6bafb127c5147334d69f1a739b9b72fcb14738880c57
SSDEEP

98304:rwonZXuHOtruvshvWsHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNQ:04riv2fauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
644	7e3add20dfc848c75d0255d724f5946c.exe

Executes dropped EXE 1 IoCs

pid	Process
644	7e3add20dfc848c75d0255d724f5946c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4776-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023218-11.dat	upx
behavioral2/memory/644-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4776	7e3add20dfc848c75d0255d724f5946c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4776	7e3add20dfc848c75d0255d724f5946c.exe
644	7e3add20dfc848c75d0255d724f5946c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 644	4776	7e3add20dfc848c75d0255d724f5946c.exe	84
PID 4776 wrote to memory of 644	4776	7e3add20dfc848c75d0255d724f5946c.exe	84
PID 4776 wrote to memory of 644	4776	7e3add20dfc848c75d0255d724f5946c.exe	84

C:\Users\Admin\AppData\Local\Temp\7e3add20dfc848c75d0255d724f5946c.exe

Filesize
1.1MB

MD5
1ba9a3131bfe9c9f56955e9e9154d124

SHA1
b5c35c499b9e306b7bbba88385c2fc6a13499ff6

SHA256
c0452add3f5763ec09de6f2b102f6736b9adefe6cd0da510e6e27412494314db

SHA512
da2ebcb849642e93135aaa7ae8e1aebf9cb98b59c516f61ebb04724d2eca33ba3446017915d4f2b22101e91106ea5e6e0aa7fa0aa3587060288f3473dea2c7cf

Download Submit
memory/644-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/644-14-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/644-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/644-20-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/644-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/644-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4776-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4776-1-0x0000000001BF0000-0x0000000001D23000-memory.dmp

Filesize
1.2MB

Download
memory/4776-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4776-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download