94d3f70c938c8e26bfcaac02d071f3fcaefebcafe614b94f7ad90c0380f0fd3c

Analysis

max time kernel
131s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2024 13:39

Target

7ff8d1512d910ca1e655cdfa1e1859c9.exe
Size

1.3MB
MD5

7ff8d1512d910ca1e655cdfa1e1859c9
SHA1

e9ba02c0240a3a2e4284748b12a1aa160f72a6e8
SHA256

94d3f70c938c8e26bfcaac02d071f3fcaefebcafe614b94f7ad90c0380f0fd3c
SHA512

81a11fc3941b147391f86017b0d38155b8a7169fa030b301550dfa4eaf0d8f208ad0acfd8632fc53de247030e22da687f11d711b3765e7bf852601f103d1aca5
SSDEEP

24576:IAWa1DBt1V//7jfFLhy/iM5U28Vpqa/iLMWbhoqqTrzxX0rWO:Ixa1DBtqtnGxi/oqqTr1XSf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4536	7ff8d1512d910ca1e655cdfa1e1859c9.exe

Executes dropped EXE 1 IoCs

pid	Process
4536	7ff8d1512d910ca1e655cdfa1e1859c9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3044-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000f000000023138-11.dat	upx
behavioral2/memory/4536-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3044	7ff8d1512d910ca1e655cdfa1e1859c9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3044	7ff8d1512d910ca1e655cdfa1e1859c9.exe
4536	7ff8d1512d910ca1e655cdfa1e1859c9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 4536	3044	7ff8d1512d910ca1e655cdfa1e1859c9.exe	84
PID 3044 wrote to memory of 4536	3044	7ff8d1512d910ca1e655cdfa1e1859c9.exe	84
PID 3044 wrote to memory of 4536	3044	7ff8d1512d910ca1e655cdfa1e1859c9.exe	84

C:\Users\Admin\AppData\Local\Temp\7ff8d1512d910ca1e655cdfa1e1859c9.exe

Filesize
254KB

MD5
735f3e1d21192e929f86b53e8624b2d8

SHA1
d8c474c37b0c7846cb19a68bb4ec799716ce7713

SHA256
ec3baac35dc7496811a1f44eb8a176b2e019c86bba19887243f088072339f6cc

SHA512
f1a02ef962c098c03e3a1f7d9a2727fa2a9668639783ac07b11837f4be69bb8924c9a4c94835b0dda16ef663c6ddc9f2ac1619e6b7bce27ffa8bec17cb30c8af

Download Submit
memory/3044-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3044-1-0x0000000001CA0000-0x0000000001DD3000-memory.dmp

Filesize
1.2MB

Download
memory/3044-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3044-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4536-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4536-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4536-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4536-20-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/4536-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4536-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download