7ff49b68e1ed52e0c3e88dd29ff97128d2fbbc4d0b6398e0f5b61a0362ebf179

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 06:06

Target

88c1716fbd5de56d344547cc1a124ba9.exe
Size

5.3MB
MD5

88c1716fbd5de56d344547cc1a124ba9
SHA1

717a533b8b91d14ce5331a48dedb1dad597736e2
SHA256

7ff49b68e1ed52e0c3e88dd29ff97128d2fbbc4d0b6398e0f5b61a0362ebf179
SHA512

09622c18d6efd2d97162749208819626edf3f7c984a606544b997067ba4192a9875133f5223cb87a9dcf1ae6e79e282cb72a5c5b26b4492bf765f234980bd3ff
SSDEEP

98304:IJb+6uTMDKFkV3LH7d8JpmmV91oqzHvVGVf+jY/UvJQc4H7d8JpmmV91oqzHj:IJb+4bd8JYmhtPjs/UvJP4bd8JYmhtD

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5092	88c1716fbd5de56d344547cc1a124ba9.exe

Executes dropped EXE 1 IoCs

pid	Process
5092	88c1716fbd5de56d344547cc1a124ba9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1088-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x00070000000231f1-11.dat	upx
behavioral2/memory/5092-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1088	88c1716fbd5de56d344547cc1a124ba9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1088	88c1716fbd5de56d344547cc1a124ba9.exe
5092	88c1716fbd5de56d344547cc1a124ba9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 5092	1088	88c1716fbd5de56d344547cc1a124ba9.exe	84
PID 1088 wrote to memory of 5092	1088	88c1716fbd5de56d344547cc1a124ba9.exe	84
PID 1088 wrote to memory of 5092	1088	88c1716fbd5de56d344547cc1a124ba9.exe	84

C:\Users\Admin\AppData\Local\Temp\88c1716fbd5de56d344547cc1a124ba9.exe

Filesize
264KB

MD5
41bae6d930d432736e34c67c9c408c21

SHA1
34e0f0141a1a29e6e887cfb949e770a07b5fc47d

SHA256
c156dcc45074230a4a2e1b7a86981f670162ddad0780079892252d4ee186969d

SHA512
a451404e243ad947c168a9bad4784e62f7de137dc9d4e1f5daacfefbe8eefbc194c4dfe5f8be5872e046e58466203969a98b05a7881f7fba0893a853b5f84eab

Download Submit
memory/1088-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1088-1-0x0000000001D00000-0x0000000001E31000-memory.dmp

Filesize
1.2MB

Download
memory/1088-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1088-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/5092-14-0x0000000001CF0000-0x0000000001E21000-memory.dmp

Filesize
1.2MB

Download
memory/5092-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/5092-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/5092-20-0x00000000055E0000-0x0000000005802000-memory.dmp

Filesize
2.1MB

Download
memory/5092-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/5092-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download