be866f4d72991d2e3e6a7e1ddcd5171e4d82cdb6f4de54d651961acc68e82e54

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 11:04

Target

7faea91cc3255be534c9c6250adc81c8.exe
Size

2.7MB
MD5

7faea91cc3255be534c9c6250adc81c8
SHA1

ac81a2fecfcedb767ac010a7383ae14395544f2f
SHA256

be866f4d72991d2e3e6a7e1ddcd5171e4d82cdb6f4de54d651961acc68e82e54
SHA512

7d62194255ad90565f2ce98cc7644de73948c648e63a1c19233b01f9b9a12b187effed9adbae95ff2fa862b93cd219637abfcb00eeef2812be5558a8256e9c1c
SSDEEP

49152:iGIHfGGVSoP44ce3BfAb55Gmr+OZ8dWr02R9mttZ3lMOnmMfmo6G1oqoti8R9j:i3fbVJ8SSJt6dWr02HmttZRnmGmo6G1A

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4528	7faea91cc3255be534c9c6250adc81c8.exe

Executes dropped EXE 1 IoCs

pid	Process
4528	7faea91cc3255be534c9c6250adc81c8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4960-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0006000000023215-11.dat	upx
behavioral2/memory/4528-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4960	7faea91cc3255be534c9c6250adc81c8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4960	7faea91cc3255be534c9c6250adc81c8.exe
4528	7faea91cc3255be534c9c6250adc81c8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 4528	4960	7faea91cc3255be534c9c6250adc81c8.exe	84
PID 4960 wrote to memory of 4528	4960	7faea91cc3255be534c9c6250adc81c8.exe	84
PID 4960 wrote to memory of 4528	4960	7faea91cc3255be534c9c6250adc81c8.exe	84

C:\Users\Admin\AppData\Local\Temp\7faea91cc3255be534c9c6250adc81c8.exe

Filesize
1.3MB

MD5
1026f51d0344d93e62be6f14809c0665

SHA1
137c1093d677ec525fd972117296e1afc16b526d

SHA256
ad897d5158e6e6ea6ce5c80c1910715f65701eea0421475c7e535216ddf5a561

SHA512
50faa923ba36dd08ae015638f2e823d98889532cea2fa2d57c7c1c66758d435dd73d3860bfa8300b639c853a4038dfb5fa4ec75b89655d97c2c2a820d68f1ac6

Download Submit
memory/4528-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4528-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4528-14-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4528-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4528-20-0x00000000056A0000-0x00000000058C2000-memory.dmp

Filesize
2.1MB

Download
memory/4528-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4960-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4960-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4960-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4960-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download