d95df2c3d089db6ada002ca5473aa4b2ea5fc44f8f4fc6e213d1e8a015b2fad0

Analysis

max time kernel
133s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2024 06:44

Target

7c6a701477ef1d04f5a0400f7ef2e8e7.exe
Size

11.7MB
MD5

7c6a701477ef1d04f5a0400f7ef2e8e7
SHA1

236ce122312256a0abb580b6e52f27e031ddcc4b
SHA256

d95df2c3d089db6ada002ca5473aa4b2ea5fc44f8f4fc6e213d1e8a015b2fad0
SHA512

3dcdd359658a58e909811e97faa3e7ece2e232e9e3bbc91d5bcdb9664b8b07a7a0604c7f97a6575f469a7e2cfd1da843a095423a410b38c6636b049e5708343d
SSDEEP

196608:YIiVVgl/iBiPftLIagl/iBiPX/+vr/slGAvgl/iBiPftLIagl/iBiP:YZn2iw5Ia2ii/AslGAv2iw5Ia2i

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2808	7c6a701477ef1d04f5a0400f7ef2e8e7.exe

Executes dropped EXE 1 IoCs

pid	Process
2808	7c6a701477ef1d04f5a0400f7ef2e8e7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4364-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0009000000022480-11.dat	upx
behavioral2/memory/2808-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4364	7c6a701477ef1d04f5a0400f7ef2e8e7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4364	7c6a701477ef1d04f5a0400f7ef2e8e7.exe
2808	7c6a701477ef1d04f5a0400f7ef2e8e7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 2808	4364	7c6a701477ef1d04f5a0400f7ef2e8e7.exe	89
PID 4364 wrote to memory of 2808	4364	7c6a701477ef1d04f5a0400f7ef2e8e7.exe	89
PID 4364 wrote to memory of 2808	4364	7c6a701477ef1d04f5a0400f7ef2e8e7.exe	89

C:\Users\Admin\AppData\Local\Temp\7c6a701477ef1d04f5a0400f7ef2e8e7.exe

Filesize
5.4MB

MD5
d8f9bca3953a1b0c2d8b128d76d825da

SHA1
fe5a94f48455d7f8acd3d90c16a4c36d14c78450

SHA256
8d747e8afb43396f763d64304953b354a0ae87628dcd9afa0f16c42b3a5cc955

SHA512
e23e8f256e212a416e1bd362ae6c56cd3bb11f2d897691535e780ad38d6fe7358e817a8940590e68a10d0a5ccd406b35dc5b37c68bdc4cce4497540df80c22db

Download Submit
memory/2808-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2808-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2808-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2808-20-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/2808-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2808-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4364-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4364-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4364-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4364-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download