36ea5a5e3414e130e182c3565f8501e30a17a1e3d2e269252a8c92ef61079148

Analysis

max time kernel
93s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 01:53

Target

7e91b8d468217f1143210bd3697d802f.exe
Size

2.7MB
MD5

7e91b8d468217f1143210bd3697d802f
SHA1

a2fdc33ae493c877b3e27c015ab4795bf53f9ef6
SHA256

36ea5a5e3414e130e182c3565f8501e30a17a1e3d2e269252a8c92ef61079148
SHA512

4147afbc2e400a5591391f14a984b7d94b600d8ed04474c5236f9b893a2d7fdc307ff1a5f054c4f390e25691430b2da442e80c3d0d127e885a18194a7fad37ce
SSDEEP

49152:raL9oV5U33BoyDADAdILkxMrcKiFASR9ktBc1+Q4YdxSChG38bDUggR9t:ds3RohYnEvi5HktBcwQDM2YIDULHt

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3408	7e91b8d468217f1143210bd3697d802f.exe

Executes dropped EXE 1 IoCs

pid	Process
3408	7e91b8d468217f1143210bd3697d802f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3452-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0006000000023111-11.dat	upx
behavioral2/memory/3408-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3452	7e91b8d468217f1143210bd3697d802f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3452	7e91b8d468217f1143210bd3697d802f.exe
3408	7e91b8d468217f1143210bd3697d802f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 3408	3452	7e91b8d468217f1143210bd3697d802f.exe	83
PID 3452 wrote to memory of 3408	3452	7e91b8d468217f1143210bd3697d802f.exe	83
PID 3452 wrote to memory of 3408	3452	7e91b8d468217f1143210bd3697d802f.exe	83

C:\Users\Admin\AppData\Local\Temp\7e91b8d468217f1143210bd3697d802f.exe

Filesize
2.7MB

MD5
79c1e4ab616b9aee715177b120ad3761

SHA1
af1e726e9a58b74783bd6c725321236c9f5da652

SHA256
78fde6098de84c97a34fa90f1ded48beabecaafeae6c0c2741a3ca97dfae4b84

SHA512
6fb14933a272d84d651696751a1f9d3bc2a7a9112f5c5c28f75e4407e2840334bdd2e3244a44c8696c7fe8fa59fe331550fd649bd331d388eafdddd575b78482

Download Submit
memory/3408-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3408-15-0x0000000001DF0000-0x0000000001F21000-memory.dmp

Filesize
1.2MB

Download
memory/3408-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3408-20-0x00000000056E0000-0x0000000005902000-memory.dmp

Filesize
2.1MB

Download
memory/3408-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3408-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3452-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3452-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/3452-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3452-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download