a737ee5ddf14c73aa85c4ad16be4694ced844957dd1f8b8f590abde96f56f829

Analysis

max time kernel
138s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 04:31

Target

85ef1a4070a416b8f9a91be274b41d74.exe
Size

5.3MB
MD5

85ef1a4070a416b8f9a91be274b41d74
SHA1

15029adfdd10b3fa3b518e6febe2f363e4f169e5
SHA256

a737ee5ddf14c73aa85c4ad16be4694ced844957dd1f8b8f590abde96f56f829
SHA512

96049f58b17b02ad7f7fda608c922a0432fe179a5e5e68dfc96bf892d8af479690f985a9f98b13fe097fd261e4da2e304ae675898409b9f51e8a723e76daddb4
SSDEEP

98304:Ie8jraob7DprXCsYgkH7d8JpmmV91oqzHvVGVf+jY/UvJQc4H7d8JpmmV91oqzHj:ITnao9Gekbd8JYmhtPjs/UvJP4bd8JY+

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4520	85ef1a4070a416b8f9a91be274b41d74.exe

Executes dropped EXE 1 IoCs

pid	Process
4520	85ef1a4070a416b8f9a91be274b41d74.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3056-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x00070000000230fd-11.dat	upx
behavioral2/memory/4520-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3056	85ef1a4070a416b8f9a91be274b41d74.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3056	85ef1a4070a416b8f9a91be274b41d74.exe
4520	85ef1a4070a416b8f9a91be274b41d74.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 4520	3056	85ef1a4070a416b8f9a91be274b41d74.exe	83
PID 3056 wrote to memory of 4520	3056	85ef1a4070a416b8f9a91be274b41d74.exe	83
PID 3056 wrote to memory of 4520	3056	85ef1a4070a416b8f9a91be274b41d74.exe	83

C:\Users\Admin\AppData\Local\Temp\85ef1a4070a416b8f9a91be274b41d74.exe

Filesize
5.3MB

MD5
830dfc8438b05e3ab21ae354f1e3764a

SHA1
00d5b488bacf9d4184edbed9b2253d8d191e1b9f

SHA256
4a00c7a78091704358134b93040da6f2dbccfdb4a2cd7f8b8447105638151fbd

SHA512
81d85ff0edc3f287270b582179e2fe3932207f470d6678ffce21494b344da5169f2d4c1437537f86fb3c7301b19deb1914ad9c7617c6c5e0961d15dda99a1ee6

Download Submit
memory/3056-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3056-1-0x0000000001D20000-0x0000000001E51000-memory.dmp

Filesize
1.2MB

Download
memory/3056-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3056-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4520-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4520-14-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4520-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4520-20-0x0000000005550000-0x0000000005772000-memory.dmp

Filesize
2.1MB

Download
memory/4520-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4520-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download