3e6ac8a8da25c67621d8b7c98df9f8119b9239e7ce95be846653c239e1eb156b

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 02:12

Target

85a80e2d0c5ae2cc9034916f480c177c.exe
Size

8.7MB
MD5

85a80e2d0c5ae2cc9034916f480c177c
SHA1

f878d8064fea95bf2d00985fe562e47ac6a5b8c3
SHA256

3e6ac8a8da25c67621d8b7c98df9f8119b9239e7ce95be846653c239e1eb156b
SHA512

d85bdb43bcb0c3a7743ae40b02fdfcce07200015f65a3995255cd7202e75da9dab4a5f3ce352711a8176d87017de000377556a57b312e9f0bc0ed18290dea506
SSDEEP

196608:2IiLXWC/f1q3ULWCmZaoky7y6WC/f1q3ULWCX:2p7h1q3ULYZaokyLh1q3UL9

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1344	85a80e2d0c5ae2cc9034916f480c177c.exe

Executes dropped EXE 1 IoCs

pid	Process
1344	85a80e2d0c5ae2cc9034916f480c177c.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4196-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023207-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4196	85a80e2d0c5ae2cc9034916f480c177c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4196	85a80e2d0c5ae2cc9034916f480c177c.exe
1344	85a80e2d0c5ae2cc9034916f480c177c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 1344	4196	85a80e2d0c5ae2cc9034916f480c177c.exe	86
PID 4196 wrote to memory of 1344	4196	85a80e2d0c5ae2cc9034916f480c177c.exe	86
PID 4196 wrote to memory of 1344	4196	85a80e2d0c5ae2cc9034916f480c177c.exe	86

C:\Users\Admin\AppData\Local\Temp\85a80e2d0c5ae2cc9034916f480c177c.exe

Filesize
381KB

MD5
70723b243d442b069c83ee2eca754b63

SHA1
f5c5a11299e30b4b18ae98105e3f712ad26d5016

SHA256
6263783579ffeee3db9d271bca2cba09bfa6c2c9a83da40bfcb276ee9be562df

SHA512
758476b51cf7325fbb1ca626c7cc3eb671c9de8e6e796d99915e78e5b895cfeb5e9d1e54e5567b4da429ebb0f4322db39dd58b8121cbaa5b0d1120d013732ad1

Download Submit
memory/1344-13-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1344-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1344-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1344-20-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/1344-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1344-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4196-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4196-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4196-1-0x0000000001DB0000-0x0000000001EE3000-memory.dmp

Filesize
1.2MB

Download
memory/4196-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download