a5101ce46691c0d1347529ff011817196a1caa5bd59fff6a3be73873c8c5d609

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 04:25

Target

888be668895c287f203dbe978e3af7c8.exe
Size

2.7MB
MD5

888be668895c287f203dbe978e3af7c8
SHA1

24f191a0d6d0d5136cd9db8719d8bd8faac3a313
SHA256

a5101ce46691c0d1347529ff011817196a1caa5bd59fff6a3be73873c8c5d609
SHA512

9c333420e396d4a3b3b7750986ea83fb03d8155003f35095628504bf76cb802170483bd2d8fce660a1115fbaa70cde413960d5ca5be71b15b7342b98069134ea
SSDEEP

49152:iUsRxWMXfkJpsNl4vDdtcR9ktBc1+Q4YdxSChG38bDUggR9t:iUuPXKpMlKkHktBcwQDM2YIDULHt

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1484	888be668895c287f203dbe978e3af7c8.exe

Executes dropped EXE 1 IoCs

pid	Process
1484	888be668895c287f203dbe978e3af7c8.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2176-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000700000002323a-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2176	888be668895c287f203dbe978e3af7c8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2176	888be668895c287f203dbe978e3af7c8.exe
1484	888be668895c287f203dbe978e3af7c8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 1484	2176	888be668895c287f203dbe978e3af7c8.exe	86
PID 2176 wrote to memory of 1484	2176	888be668895c287f203dbe978e3af7c8.exe	86
PID 2176 wrote to memory of 1484	2176	888be668895c287f203dbe978e3af7c8.exe	86

C:\Users\Admin\AppData\Local\Temp\888be668895c287f203dbe978e3af7c8.exe

Filesize
680KB

MD5
4e23fb62e801d08a40bac621b049d289

SHA1
f059811433703e2378d2a891069c625a66b3375f

SHA256
70e5eb964235f76c09bb7be05bbf406096c03d53f05bf46bed6c97701079a6a7

SHA512
8f5ceb7345a72e5cd462bfbb7c901c69ea8850ef1844b5066da66125d7bb97694e97d31f3020d3051d1755f3731078f8e4fdbc784e50366f32a08ec2dcd1c499

Download Submit
memory/1484-13-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1484-15-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1484-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1484-20-0x0000000005620000-0x0000000005842000-memory.dmp

Filesize
2.1MB

Download
memory/1484-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1484-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2176-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2176-1-0x0000000001D20000-0x0000000001E51000-memory.dmp

Filesize
1.2MB

Download
memory/2176-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2176-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download