106d44053f992d84c548e2641826c458434f70b8a0810e1405f2c693bb9c6985

Analysis

max time kernel
92s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 10:45

Target

86b1aeb8274105ab2ada325f23857d32.exe
Size

1.3MB
MD5

86b1aeb8274105ab2ada325f23857d32
SHA1

15f1d9731e894055a7c833e6566d6aab11a83761
SHA256

106d44053f992d84c548e2641826c458434f70b8a0810e1405f2c693bb9c6985
SHA512

1623538854f9a51eca11383c518933ebec05b29d8276aa7a522ee9616cbd6d073fc3bb47e4c1f075bcfcf8933560c7dd5c1155e11641ddeeb268445042e454c8
SSDEEP

24576:scf6odiivL2iXtiUZDS3uPB7NFqEmq0Zojs0tosoRGUfBlkMYNs5mzx7U9/9Us:hTvqiXUUoePhNh5tAGUkMYUm14R9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2884	86b1aeb8274105ab2ada325f23857d32.exe

Executes dropped EXE 1 IoCs

pid	Process
2884	86b1aeb8274105ab2ada325f23857d32.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1528-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x00070000000231f2-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1528	86b1aeb8274105ab2ada325f23857d32.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1528	86b1aeb8274105ab2ada325f23857d32.exe
2884	86b1aeb8274105ab2ada325f23857d32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 2884	1528	86b1aeb8274105ab2ada325f23857d32.exe	84
PID 1528 wrote to memory of 2884	1528	86b1aeb8274105ab2ada325f23857d32.exe	84
PID 1528 wrote to memory of 2884	1528	86b1aeb8274105ab2ada325f23857d32.exe	84

C:\Users\Admin\AppData\Local\Temp\86b1aeb8274105ab2ada325f23857d32.exe

Filesize
43KB

MD5
df4b6821fb7c36e0bd4aa584e6eaf252

SHA1
e6695839127e7245fbf60aee93104ffe3c48830c

SHA256
1bc593641f54b8acbf2d80333e7fe2d5eece844b891071acfd5e7e6531a947b5

SHA512
50b6474de1f0ef22ed5ce51f704306b8c254d777d3fe9c01f79c2012f3cc5861d85404683dca70cc2551dc3023cabf287f471a13fda52c33c7829dcc148cda61

Download Submit
memory/1528-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1528-2-0x0000000001D20000-0x0000000001E51000-memory.dmp

Filesize
1.2MB

Download
memory/1528-1-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1528-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2884-13-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2884-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2884-15-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2884-20-0x00000000055C0000-0x00000000057E2000-memory.dmp

Filesize
2.1MB

Download
memory/2884-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2884-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download