ab74e83ea6ab7b6d8a3a1027991189c79d17e0cb00a3f947eb4ebc3d57f4585e

Analysis

max time kernel
90s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2024 10:40

Target

86af3ab3f31142fa93be9e540d4bf313.exe
Size

59KB
MD5

86af3ab3f31142fa93be9e540d4bf313
SHA1

0a1b7340db75e62e8a8e5edaf056675479215187
SHA256

ab74e83ea6ab7b6d8a3a1027991189c79d17e0cb00a3f947eb4ebc3d57f4585e
SHA512

f0026e0fb18938b10ea2ba4284109d4204eb81b1632a88fc310dfdf6f7a2593e10060f41559e8937c41a1c17055b811aa9364ce9492b6077843754f742f79505
SSDEEP

1536:ITJXsRpM1PwHfY+aftBUA4l59M1AIW4gEhW:ITF0+9wHql20AO

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4452	86af3ab3f31142fa93be9e540d4bf313.exe

Executes dropped EXE 1 IoCs

pid	Process
4452	86af3ab3f31142fa93be9e540d4bf313.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1596-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x0007000000023107-11.dat	upx
behavioral2/memory/4452-12-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1596	86af3ab3f31142fa93be9e540d4bf313.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1596	86af3ab3f31142fa93be9e540d4bf313.exe
4452	86af3ab3f31142fa93be9e540d4bf313.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1596 wrote to memory of 4452	1596	86af3ab3f31142fa93be9e540d4bf313.exe	83
PID 1596 wrote to memory of 4452	1596	86af3ab3f31142fa93be9e540d4bf313.exe	83
PID 1596 wrote to memory of 4452	1596	86af3ab3f31142fa93be9e540d4bf313.exe	83

C:\Users\Admin\AppData\Local\Temp\86af3ab3f31142fa93be9e540d4bf313.exe

Filesize
59KB

MD5
9062b4419eefe94dc7d2251ddb2f2d00

SHA1
41755021181558874fb6e34e1b6a9b1af7346675

SHA256
f9b5bcd26fd5eec0d7c6f578c5c4d18bae8a44af13905cd2f1d3bdb315085ee1

SHA512
8f6a6832478acd0d231b929e198d2c1e97f3a312712e79418b3fe0db2e9cfa10f657f65a2a23b72baf7bf2d187995a3170cee6ee55171d6a6b3caecb32b0c038

Download Submit
memory/1596-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1596-1-0x00000000001C0000-0x00000000001CF000-memory.dmp

Filesize
60KB

Download
memory/1596-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1596-25-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4452-12-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4452-13-0x00000000001A0000-0x00000000001AF000-memory.dmp

Filesize
60KB

Download
memory/4452-14-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4452-19-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4452-24-0x0000000004D60000-0x0000000004D7D000-memory.dmp

Filesize
116KB

Download
memory/4452-26-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download