52265c045652ddc3d9fb8d00cbd69971f7a55d7cb158bbefbdb3d574c0bb0d32

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 08:00

Target

88fc0b8202ab9bf605026520ab3b3cea.exe
Size

2.7MB
MD5

88fc0b8202ab9bf605026520ab3b3cea
SHA1

19b65fa1a74328013e93c6c05fbbabf9dfd09767
SHA256

52265c045652ddc3d9fb8d00cbd69971f7a55d7cb158bbefbdb3d574c0bb0d32
SHA512

fffd54fd9135188082676af350d0fe411547db44f60ce06b2faacb6969cbb3596e50862da34ea77318b96c17857981542a4b5da3573a13160fd8ab89d1380362
SSDEEP

49152:KE1yMYRySGlshqEJ39x1S/vKdAHkI63kf3HKlGwtEaK6cZf:KmyJkSOshV19x1+KdAEI63kf3H/wWaKn

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
960	88fc0b8202ab9bf605026520ab3b3cea.exe

Executes dropped EXE 1 IoCs

pid	Process
960	88fc0b8202ab9bf605026520ab3b3cea.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4540-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023210-11.dat	upx
behavioral2/memory/960-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4540	88fc0b8202ab9bf605026520ab3b3cea.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4540	88fc0b8202ab9bf605026520ab3b3cea.exe
960	88fc0b8202ab9bf605026520ab3b3cea.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 960	4540	88fc0b8202ab9bf605026520ab3b3cea.exe	83
PID 4540 wrote to memory of 960	4540	88fc0b8202ab9bf605026520ab3b3cea.exe	83
PID 4540 wrote to memory of 960	4540	88fc0b8202ab9bf605026520ab3b3cea.exe	83

C:\Users\Admin\AppData\Local\Temp\88fc0b8202ab9bf605026520ab3b3cea.exe

Filesize
1.8MB

MD5
03a9a494a3ecdb2cd7f8e97b011cb4e7

SHA1
b350ba8fdd09b1b977042b2158a735dea03affcd

SHA256
3765060c9b9de9c0b91d13c654363504dca5646e3cf77da3a7dfd4ec32b8af4f

SHA512
7d2dc83eed59f293f73e4c14953cce447fe82cd861eec726041bb4e41e8ad53bcd9376b8417a1d0911bb65efd587a11f9229484fc565b38c523f9cbb8d55afcb

Download Submit
memory/960-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/960-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/960-14-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/960-20-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/960-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/960-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4540-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4540-1-0x0000000001C50000-0x0000000001D83000-memory.dmp

Filesize
1.2MB

Download
memory/4540-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4540-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download