ef5a1fb1b7ebc7a9c65d2f9593d52e369c8f3d59fa5b48eb9b5d31ded5e49c42

Analysis

max time kernel
93s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 07:35

Target

8bc389d06c2cf35b673dac3c1edf08c7.exe
Size

5.8MB
MD5

8bc389d06c2cf35b673dac3c1edf08c7
SHA1

1c264ebd376244eea084727f71fd4c79a48815ab
SHA256

ef5a1fb1b7ebc7a9c65d2f9593d52e369c8f3d59fa5b48eb9b5d31ded5e49c42
SHA512

e9a152043d4de53a636fe8424f0635f320a2cf3ea29a7854ed0509b41e8654ce613ee5b21d11e77c2d9d3dfa2edb85dd477b7b008fdc4822a909504fcb685f5f
SSDEEP

98304:TQKBj7xylOV6F9nrHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:cKBjklOV897auq1jI86FA7y2auq1jI86

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3804	8bc389d06c2cf35b673dac3c1edf08c7.exe

Executes dropped EXE 1 IoCs

pid	Process
3804	8bc389d06c2cf35b673dac3c1edf08c7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1680-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00090000000231fb-11.dat	upx
behavioral2/memory/3804-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1680	8bc389d06c2cf35b673dac3c1edf08c7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1680	8bc389d06c2cf35b673dac3c1edf08c7.exe
3804	8bc389d06c2cf35b673dac3c1edf08c7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 3804	1680	8bc389d06c2cf35b673dac3c1edf08c7.exe	84
PID 1680 wrote to memory of 3804	1680	8bc389d06c2cf35b673dac3c1edf08c7.exe	84
PID 1680 wrote to memory of 3804	1680	8bc389d06c2cf35b673dac3c1edf08c7.exe	84

C:\Users\Admin\AppData\Local\Temp\8bc389d06c2cf35b673dac3c1edf08c7.exe

Filesize
405KB

MD5
e453c9719a11ee11b07418f91b69b81a

SHA1
bc0befd6419ecbbb441756fc18968035411cef1b

SHA256
d4381ef2d9170ca3b2de7a696560ddaacd11fd4b713fa9ecaffaa1c7c2f3898f

SHA512
b93b7cadee2e69f54e2c5bb23373aff2ff15f63eaab16072b841a778a596df0838928100ca0fffea5e3e5aa1c913b7113519a3b46ea6b395d874eaa8994fc1f9

Download Submit
memory/1680-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1680-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1680-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/1680-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3804-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3804-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3804-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3804-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3804-21-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/3804-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download