5c7a46fa8aa7665c4e01cfee9e6aa7e7ce568c44b1d6d951eafe8fa68bc44f1b

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 13:23

Target

7d3eeee6bbb75181117f5540259733a7.exe
Size

5.8MB
MD5

7d3eeee6bbb75181117f5540259733a7
SHA1

9639e7e2984094cb831de2bda5504dc616c7bb6e
SHA256

5c7a46fa8aa7665c4e01cfee9e6aa7e7ce568c44b1d6d951eafe8fa68bc44f1b
SHA512

86649db6c9e79630e02d2c2a369a93667dd91688f911dfa79b8e93f50921a91a392731278e5c3af531d3ec347ae0c70e984a7367a02de8e07bd843a08bde9292
SSDEEP

98304:Quh7KXvnkceNRC1st2C4HBUCczzM3S2NKVS5aXLjAjiKqr4HBUCczzM3:Q8WkceL9wWCu2NKV2LWK3WC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3912	7d3eeee6bbb75181117f5540259733a7.exe

Executes dropped EXE 1 IoCs

pid	Process
3912	7d3eeee6bbb75181117f5540259733a7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3624-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023233-11.dat	upx
behavioral2/memory/3912-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3624	7d3eeee6bbb75181117f5540259733a7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3624	7d3eeee6bbb75181117f5540259733a7.exe
3912	7d3eeee6bbb75181117f5540259733a7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 3912	3624	7d3eeee6bbb75181117f5540259733a7.exe	83
PID 3624 wrote to memory of 3912	3624	7d3eeee6bbb75181117f5540259733a7.exe	83
PID 3624 wrote to memory of 3912	3624	7d3eeee6bbb75181117f5540259733a7.exe	83

C:\Users\Admin\AppData\Local\Temp\7d3eeee6bbb75181117f5540259733a7.exe

Filesize
1.4MB

MD5
babd4a27aeb6e8db8412274e544d65ef

SHA1
c1b6de03f47b596779f9227dc737af483199a227

SHA256
80229f4f032929e483d7c17fd2ab3c03c812e8be0e17d8b6c7d9e86af8b03b28

SHA512
d7e5614dcc36980da2320690f090183a24e9cf7e25cef64ca8055754c178fc5f1c691ea966af40225b98758f438ff15a1ce6b5346c7fb10665e5fe0aea8151d3

Download Submit
memory/3624-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3624-1-0x0000000001D60000-0x0000000001E93000-memory.dmp

Filesize
1.2MB

Download
memory/3624-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3624-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3912-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3912-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3912-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3912-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3912-20-0x0000000005550000-0x000000000577A000-memory.dmp

Filesize
2.2MB

Download
memory/3912-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download