77a5203abc35ba0c1acb4eed0956f55694104aeb56007ccc16fa36b8f1603dbb

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 18:56

Target

8a481c65741e12c61e8de67c81860464.exe
Size

1.5MB
MD5

8a481c65741e12c61e8de67c81860464
SHA1

3aa2f5f36e29f1607ea1572fa994d6bccdb62d2f
SHA256

77a5203abc35ba0c1acb4eed0956f55694104aeb56007ccc16fa36b8f1603dbb
SHA512

0aff031f834336ccfbd72d13016c353d88220896164ff9c44e84bbba6f15c1f208c8180d81d85d075871fae421a7fc9d86d2d077b055d3d1480c3b2045778070
SSDEEP

24576:7ZmMErq2UxpO+LnEEd2Aopuyp0llkeV5kyZbrviWs9Xxg7UkCfE4aW:7ZmMQ/ULJbJpjceUMbrK3e7Urfg

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
792	8a481c65741e12c61e8de67c81860464.exe

Executes dropped EXE 1 IoCs

pid	Process
792	8a481c65741e12c61e8de67c81860464.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5024-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000231fc-11.dat	upx
behavioral2/memory/792-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5024	8a481c65741e12c61e8de67c81860464.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5024	8a481c65741e12c61e8de67c81860464.exe
792	8a481c65741e12c61e8de67c81860464.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 792	5024	8a481c65741e12c61e8de67c81860464.exe	83
PID 5024 wrote to memory of 792	5024	8a481c65741e12c61e8de67c81860464.exe	83
PID 5024 wrote to memory of 792	5024	8a481c65741e12c61e8de67c81860464.exe	83

C:\Users\Admin\AppData\Local\Temp\8a481c65741e12c61e8de67c81860464.exe

Filesize
1.5MB

MD5
f5c699a47c19581baf8e171977f56289

SHA1
c74701e002504f2f430254236a8e9853410240be

SHA256
a10c40b336ce234e3f2994d299002b60f9b2dcb3466ea9bccb1bf81c831989cb

SHA512
a0896fcf243edb0af8a9707e964905dd594f172e872b699c418d2724dca6f0ad5a1f2229838432ed05faa5fd5a3482e60aa2e5d4cfb1e140c0bf8d351c6c9b8d

Download Submit
memory/792-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/792-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/792-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/792-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/792-21-0x00000000056E0000-0x000000000590A000-memory.dmp

Filesize
2.2MB

Download
memory/792-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5024-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5024-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5024-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5024-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download