a9b99676148bd065a678a3b015100c6717751be62aecf4f727429da43703c27e

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 10:08

Target

869f33e2197a2745d0f77c828b5cc5b6.exe
Size

80KB
MD5

869f33e2197a2745d0f77c828b5cc5b6
SHA1

36b4b955da259b27e97bd96a7e772bef9e819339
SHA256

a9b99676148bd065a678a3b015100c6717751be62aecf4f727429da43703c27e
SHA512

5ce7e9d55213f30868567a6787a2defe436de9339b8412f3238d593013792595a03d2d43e413a224d5d8ab48b74985e4d4ea3952d043b9b7f9febdc9a5777f24
SSDEEP

1536:JNahz11BYsCqQMqfW/jgP+fVP0/qe0CmuJd4BXL:JkqsCHMqfW/i+fCRBbd45

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3156	869f33e2197a2745d0f77c828b5cc5b6.exe

Executes dropped EXE 1 IoCs

pid	Process
3156	869f33e2197a2745d0f77c828b5cc5b6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3212-0-0x0000000000400000-0x000000000043A000-memory.dmp	upx
behavioral2/files/0x0006000000023209-11.dat	upx
behavioral2/memory/3156-13-0x0000000000400000-0x000000000043A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3212	869f33e2197a2745d0f77c828b5cc5b6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3212	869f33e2197a2745d0f77c828b5cc5b6.exe
3156	869f33e2197a2745d0f77c828b5cc5b6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3212 wrote to memory of 3156	3212	869f33e2197a2745d0f77c828b5cc5b6.exe	85
PID 3212 wrote to memory of 3156	3212	869f33e2197a2745d0f77c828b5cc5b6.exe	85
PID 3212 wrote to memory of 3156	3212	869f33e2197a2745d0f77c828b5cc5b6.exe	85

C:\Users\Admin\AppData\Local\Temp\869f33e2197a2745d0f77c828b5cc5b6.exe

Filesize
57KB

MD5
192080b7affdd6a2c8b746191908c382

SHA1
9402680181bff77ec24f5a61733ca06fbe67fc45

SHA256
8d332026d5dae134156923194366858f173ea93706f0377c1cac5a7f0b5688d5

SHA512
c949d2544096a8906339783bc8170a6e39d71f3f4f77722533656515bd1d432c2ca6814f9846e2e832988fa92b8b548810e1aa2cd924592b44eabfb247a4a4d2

Download Submit
memory/3156-14-0x00000000000C0000-0x00000000000CE000-memory.dmp

Filesize
56KB

Download
memory/3156-13-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3156-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3156-15-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3156-25-0x00000000001D0000-0x00000000001EB000-memory.dmp

Filesize
108KB

Download
memory/3156-26-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3212-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/3212-1-0x00000000001F0000-0x00000000001FE000-memory.dmp

Filesize
56KB

Download
memory/3212-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/3212-12-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download