15f3a5912a0c973304195047b7580b468d6340213a770d61ecf89b870e3124e5

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2024 13:26

Target

86ffe8a742e3fe4842128c007230f24a.exe
Size

1.5MB
MD5

86ffe8a742e3fe4842128c007230f24a
SHA1

8a1e486765b7b6219cef53209a672865748ea103
SHA256

15f3a5912a0c973304195047b7580b468d6340213a770d61ecf89b870e3124e5
SHA512

6bd503a97a28a71914da2acbe41ad754aaac4b5c3bc5e66539da0d6004333d60c4c0179de479eadf408fd71b58ce2dcbefab140f525d2cde679761a1a3e69657
SSDEEP

24576:YswlBBSwMhstXhS5O+7nmoNGPf0498fa1FW4WCqhIMcPHyw3zEVcsyXi5W:EBBSwF08wnjof04p1F7/ZyDcsyI

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4380	86ffe8a742e3fe4842128c007230f24a.exe

Executes dropped EXE 1 IoCs

pid	Process
4380	86ffe8a742e3fe4842128c007230f24a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3528-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002322c-11.dat	upx
behavioral2/memory/4380-12-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3528	86ffe8a742e3fe4842128c007230f24a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3528	86ffe8a742e3fe4842128c007230f24a.exe
4380	86ffe8a742e3fe4842128c007230f24a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 4380	3528	86ffe8a742e3fe4842128c007230f24a.exe	83
PID 3528 wrote to memory of 4380	3528	86ffe8a742e3fe4842128c007230f24a.exe	83
PID 3528 wrote to memory of 4380	3528	86ffe8a742e3fe4842128c007230f24a.exe	83

C:\Users\Admin\AppData\Local\Temp\86ffe8a742e3fe4842128c007230f24a.exe

Filesize
170KB

MD5
44dd17c3218c0f183c15b6bb3f5396b4

SHA1
e209d29e3e3109e841f3cef3deda88d8d80df4f9

SHA256
39e3de23407817cf9c78ad7e49b2c95f40fe86eb76cadcc90cc6cd209ace385a

SHA512
752d335f7633155beafc13c91eb2b53284647d0d0def0c85321ec2aa5e95399d1d5dc0d8f57c527deae845894ed17c1561ff27f5e8540f5ae5a016c30a250e48

Download Submit
memory/3528-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3528-1-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

Filesize
1.2MB

Download
memory/3528-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3528-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4380-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4380-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4380-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4380-21-0x00000000055C0000-0x00000000057EA000-memory.dmp

Filesize
2.2MB

Download
memory/4380-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4380-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download