ed91f3aa899310245bcf209fb1b40f2746ed8de81ffbe6525f56dea49a7add95

Analysis

max time kernel
118s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2024 05:11

Target

7c3d5621e7ae4fef5085666798ec05a8.exe
Size

2.7MB
MD5

7c3d5621e7ae4fef5085666798ec05a8
SHA1

80472781e6f9ea8a6e0b3cf3709b41943a311bba
SHA256

ed91f3aa899310245bcf209fb1b40f2746ed8de81ffbe6525f56dea49a7add95
SHA512

b09430ed14c382a9e96691a23647be75e4fc3a81764788ea17afffed0b5fa0ec52bc3007a3d8ee740c635941afabe8cde0752114cd524e2f3c7d47f6f6c15423
SSDEEP

49152:Ar2x16QA6wDxLDCvnoCIlRUrR92v5ZLxV/hw6HcC1PLbVaA2DprR9j:AmzSLDCPo6HQrLVw6XTbVafJHj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3464	7c3d5621e7ae4fef5085666798ec05a8.exe

Executes dropped EXE 1 IoCs

pid	Process
3464	7c3d5621e7ae4fef5085666798ec05a8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4720-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/memory/3464-12-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000c00000002315b-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4720	7c3d5621e7ae4fef5085666798ec05a8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4720	7c3d5621e7ae4fef5085666798ec05a8.exe
3464	7c3d5621e7ae4fef5085666798ec05a8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 3464	4720	7c3d5621e7ae4fef5085666798ec05a8.exe	85
PID 4720 wrote to memory of 3464	4720	7c3d5621e7ae4fef5085666798ec05a8.exe	85
PID 4720 wrote to memory of 3464	4720	7c3d5621e7ae4fef5085666798ec05a8.exe	85

C:\Users\Admin\AppData\Local\Temp\7c3d5621e7ae4fef5085666798ec05a8.exe

Filesize
2.7MB

MD5
a5bbc40f987d758c571bcb4ab9568822

SHA1
e4c3744e1877d70b3fef3ed17bd463de6e43f203

SHA256
6a152241f04bff96664a047c4c9ca99bde7cecbece92209a5f3d5cd239e2f963

SHA512
3995f3bd958344cf37807a3c87f448e318b7071fe0160d283610dfa8ab71f20fc139fd188c25c336a831a98e3d6f5e6a526a248ac7582ae9b245ef86691dbbf2

Download Submit
memory/3464-12-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3464-15-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/3464-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3464-20-0x0000000005580000-0x00000000057A2000-memory.dmp

Filesize
2.1MB

Download
memory/3464-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3464-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4720-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4720-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4720-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4720-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download