8963de5312827701131411828c83c699594b54008354135ae018e518f2de1f9c

Analysis

max time kernel
139s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 09:02

Target

7cb601b818133ca5fef1bf7c947877b2.exe
Size

2.9MB
MD5

7cb601b818133ca5fef1bf7c947877b2
SHA1

bfef46ce1e26d9332638de2106019c35b3b067b7
SHA256

8963de5312827701131411828c83c699594b54008354135ae018e518f2de1f9c
SHA512

8bb914e7fee872394c106f3661ba90e940784fbc34c61a87c5b8e229ddc74737733a5307d685862a47498b61223d62577ea0700c7641107f567bcc24be047f56
SSDEEP

49152:vwD2YaRVCdtfIQg4Oe7MBvgpgeoP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:vwD2v87gQ/OeIBvheogg3gnl/IVUs1jl

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2032	7cb601b818133ca5fef1bf7c947877b2.exe

Executes dropped EXE 1 IoCs

pid	Process
2032	7cb601b818133ca5fef1bf7c947877b2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3752-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000600000002311c-11.dat	upx
behavioral2/memory/2032-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3752	7cb601b818133ca5fef1bf7c947877b2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3752	7cb601b818133ca5fef1bf7c947877b2.exe
2032	7cb601b818133ca5fef1bf7c947877b2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 2032	3752	7cb601b818133ca5fef1bf7c947877b2.exe	88
PID 3752 wrote to memory of 2032	3752	7cb601b818133ca5fef1bf7c947877b2.exe	88
PID 3752 wrote to memory of 2032	3752	7cb601b818133ca5fef1bf7c947877b2.exe	88

C:\Users\Admin\AppData\Local\Temp\7cb601b818133ca5fef1bf7c947877b2.exe

Filesize
2.9MB

MD5
426395b868f4255e26b97e9d049e748b

SHA1
edfbfc1a7b3d83277b9eadcd80321034e29440a6

SHA256
110d5e8a30b6e564d7f61c6dbe044819945c51234cbbb58812d70430527bf530

SHA512
8d4c3de478d4870965f5e5d2daafe6227de242e849333e176eac51464b9c0254355779816ab1538395d39f4edb6ec95639d7dc2786b83194c4e5c4f07051aa18

Download Submit
memory/2032-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2032-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2032-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2032-20-0x0000000005650000-0x000000000587A000-memory.dmp

Filesize
2.2MB

Download
memory/2032-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2032-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3752-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3752-1-0x0000000001C90000-0x0000000001DC3000-memory.dmp

Filesize
1.2MB

Download
memory/3752-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3752-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download