0c65a7b42b8a008eb901ed5f4a68c9add502c1f5792d18f9bd560fa20c5b9e6f

Analysis

max time kernel
90s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 05:52

Target

7f0dae4d03e8c3965e009ad97d7a0c25.exe
Size

11.7MB
MD5

7f0dae4d03e8c3965e009ad97d7a0c25
SHA1

8f280c10c92b3211103a274129369084f166c44d
SHA256

0c65a7b42b8a008eb901ed5f4a68c9add502c1f5792d18f9bd560fa20c5b9e6f
SHA512

aa50281163e5b868dfe3914448d8087b8af2a85dff29c1086cdbf1fdd758aa2a8de66a68e1dbe63923ea590df986b7ceb1b698c127a99cc0afa9c6ffe801d11d
SSDEEP

196608:0f2Vu3gl/iBiPWhiVFZgl/iBiPxKyd+uPgl/iBiPWhiVFZgl/iBiP:Qs62ioFZ2iNUJ2ioFZ2i

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3128	7f0dae4d03e8c3965e009ad97d7a0c25.exe

Executes dropped EXE 1 IoCs

pid	Process
3128	7f0dae4d03e8c3965e009ad97d7a0c25.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1272-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023224-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1272	7f0dae4d03e8c3965e009ad97d7a0c25.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1272	7f0dae4d03e8c3965e009ad97d7a0c25.exe
3128	7f0dae4d03e8c3965e009ad97d7a0c25.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 3128	1272	7f0dae4d03e8c3965e009ad97d7a0c25.exe	88
PID 1272 wrote to memory of 3128	1272	7f0dae4d03e8c3965e009ad97d7a0c25.exe	88
PID 1272 wrote to memory of 3128	1272	7f0dae4d03e8c3965e009ad97d7a0c25.exe	88

C:\Users\Admin\AppData\Local\Temp\7f0dae4d03e8c3965e009ad97d7a0c25.exe

Filesize
202KB

MD5
6fd4b7abc5db065e48babdb63ae5983b

SHA1
7fcc25998ba3fb65a81b36a6f19ea70cac00b5bd

SHA256
5eae8ff15d3f5e1ac0cb5c840e71a948b32314eeb58f28c12a5fcee953c0c5c1

SHA512
18a4c12c430c20fecf4e99c0404cc05f25fbd2978c6843a090e3d51b22d45982e22697471a64ebb565278e4281ca6f32fcd68b20e9bf0751660a3f5df871758e

Download Submit
memory/1272-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1272-1-0x0000000001CA0000-0x0000000001DD3000-memory.dmp

Filesize
1.2MB

Download
memory/1272-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1272-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3128-13-0x0000000001DA0000-0x0000000001ED3000-memory.dmp

Filesize
1.2MB

Download
memory/3128-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3128-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3128-21-0x00000000056A0000-0x00000000058CA000-memory.dmp

Filesize
2.2MB

Download
memory/3128-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3128-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download