85dd75da6b158661977db18e5849c684fd0a5b857a00cd10af8561aa767445f5

Analysis

max time kernel
91s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 05:11

Target

8b7b574925f05bf8e431e8307647cb60.exe
Size

5.8MB
MD5

8b7b574925f05bf8e431e8307647cb60
SHA1

4a9b902969b000115ea87d50d1f246c6ebc47e46
SHA256

85dd75da6b158661977db18e5849c684fd0a5b857a00cd10af8561aa767445f5
SHA512

f1246928024a87893953acf96b34e1ce533444747f82fc0890b31f27920ea71c66509f7bce9c4eba465b2cf29195443d40651812244b1e9c78ed5f9e144a71b2
SSDEEP

98304:F+s9rk5GBXqVdfgg3gnl/IVUs1jePsqthvHrFHa7a1gg3gnl/IVUs1jePs:7k5GRIdNgl/iBiPftLIagl/iBiP

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1184	8b7b574925f05bf8e431e8307647cb60.exe

Executes dropped EXE 1 IoCs

pid	Process
1184	8b7b574925f05bf8e431e8307647cb60.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3828-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023210-11.dat	upx
behavioral2/memory/1184-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3828	8b7b574925f05bf8e431e8307647cb60.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3828	8b7b574925f05bf8e431e8307647cb60.exe
1184	8b7b574925f05bf8e431e8307647cb60.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3828 wrote to memory of 1184	3828	8b7b574925f05bf8e431e8307647cb60.exe	87
PID 3828 wrote to memory of 1184	3828	8b7b574925f05bf8e431e8307647cb60.exe	87
PID 3828 wrote to memory of 1184	3828	8b7b574925f05bf8e431e8307647cb60.exe	87

C:\Users\Admin\AppData\Local\Temp\8b7b574925f05bf8e431e8307647cb60.exe

Filesize
832KB

MD5
a236c0cac6699e418c026787923de5e7

SHA1
0d3dbf1a32e3c13b37c4eda4f155c68712006c0d

SHA256
1d39cb0204b32ee43e1fce348e96f18a826d51fe523afc686a32bcf4c1e01557

SHA512
06a943ff9be608aafde5eaa694318b8b69c6a25ddee8bb6a90bc9c948c7ec17d730ffb33c9c66d1de6c7042e7f375f792313797a163bcf6eabb88047e2596902

Download Submit
memory/1184-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1184-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1184-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1184-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1184-20-0x00000000055C0000-0x00000000057EA000-memory.dmp

Filesize
2.2MB

Download
memory/1184-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3828-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3828-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3828-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3828-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download