d6b1476697e5d450a768e0d9e8f22ff305d96be318c43125b212924657cf5408

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 18:15

Target

8a34e819185714cad54d371822584ef6.exe
Size

1.5MB
MD5

8a34e819185714cad54d371822584ef6
SHA1

59209ea86808ae8b843f3e4d18eac67b80b798ce
SHA256

d6b1476697e5d450a768e0d9e8f22ff305d96be318c43125b212924657cf5408
SHA512

c2cf76be37dffbc7eea0ab030d30128b8cafb80b228ea621325b667a9d43ab598df61107fff0ced92ffb3afdcec1415130aa40b2d4023c7a4ee8c9c5c66a943b
SSDEEP

24576:mKl37prtklSKpUcqc1Tjp9QrfkJFO31BaGYUzjaciP2g8+EcaN11M6HW:vtkNdnfyMnsBVYUzmcj+ZOM6H

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3576	8a34e819185714cad54d371822584ef6.exe

Executes dropped EXE 1 IoCs

pid	Process
3576	8a34e819185714cad54d371822584ef6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2932-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000f00000002314e-11.dat	upx
behavioral2/memory/3576-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2932	8a34e819185714cad54d371822584ef6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2932	8a34e819185714cad54d371822584ef6.exe
3576	8a34e819185714cad54d371822584ef6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 3576	2932	8a34e819185714cad54d371822584ef6.exe	29
PID 2932 wrote to memory of 3576	2932	8a34e819185714cad54d371822584ef6.exe	29
PID 2932 wrote to memory of 3576	2932	8a34e819185714cad54d371822584ef6.exe	29

C:\Users\Admin\AppData\Local\Temp\8a34e819185714cad54d371822584ef6.exe

Filesize
614KB

MD5
d67d5cfd2a4ac75d08732eeef55631a9

SHA1
936ad5ac173abd76cd7e73f5b1be99a67c7b18e4

SHA256
14c166f3349deb65d492c7d390b8bba13142f17c020bd8d1da0993e84c7c964a

SHA512
5a8f08155fcf216ecc906710e3cad973875cdf46a7c64dd864362da7b15ddbc2c7cb09a94508abb7269585fb5ef9d0bffba220d50a94750ff78089a14d53767f

Download Submit
memory/2932-1-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/2932-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2932-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2932-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3576-16-0x0000000001C50000-0x0000000001D83000-memory.dmp

Filesize
1.2MB

Download
memory/3576-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3576-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3576-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3576-20-0x0000000005550000-0x000000000577A000-memory.dmp

Filesize
2.2MB

Download
memory/3576-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download