a7493558deb1e462e7fbcb15a657ea3b1a2309cbb1db35a420c8f1eda04660ec

Analysis

max time kernel
89s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 08:36

Target

8be1dd1d395d50db5f014769ef0ed6c9.exe
Size

1.3MB
MD5

8be1dd1d395d50db5f014769ef0ed6c9
SHA1

04cbc40c25f9909d32b063cd4d52f82b63018f33
SHA256

a7493558deb1e462e7fbcb15a657ea3b1a2309cbb1db35a420c8f1eda04660ec
SHA512

735bdf315a3db388565f6d7233f1c63fbbf5425063de91ba5eedceae6eda03f28e99dee20b26d5c82f8dea027c0d252974a31942e9be62c8683507a0bc121284
SSDEEP

24576:eNnxuTG7ei8wOlna3Jt3zV0vErfc+j/C8+K7l5/TbRYhEQWc:+xuTGyqO8zSvifcIDv558p

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3800	8be1dd1d395d50db5f014769ef0ed6c9.exe

Executes dropped EXE 1 IoCs

pid	Process
3800	8be1dd1d395d50db5f014769ef0ed6c9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5100-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0009000000023224-11.dat	upx
behavioral2/memory/3800-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5100	8be1dd1d395d50db5f014769ef0ed6c9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5100	8be1dd1d395d50db5f014769ef0ed6c9.exe
3800	8be1dd1d395d50db5f014769ef0ed6c9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 3800	5100	8be1dd1d395d50db5f014769ef0ed6c9.exe	87
PID 5100 wrote to memory of 3800	5100	8be1dd1d395d50db5f014769ef0ed6c9.exe	87
PID 5100 wrote to memory of 3800	5100	8be1dd1d395d50db5f014769ef0ed6c9.exe	87

C:\Users\Admin\AppData\Local\Temp\8be1dd1d395d50db5f014769ef0ed6c9.exe

Filesize
363KB

MD5
0bd91330f8d4e697a10d2a2122de00ae

SHA1
4286ff5a9c34159d55eb811aa6b3841093bb9fe1

SHA256
387d0557aa162d191edd78d0b93ad4dae1270325c09ec4edcc78a55aab41670f

SHA512
00d609ca06c03b609964bb7d5c24756a676fd079a13cb4e940e7474dde213c223023e6ab410f5b28151a4dd5efeda308860605deb60cccd0752228ce8c707028

Download Submit
memory/3800-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3800-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3800-15-0x0000000001C70000-0x0000000001DA3000-memory.dmp

Filesize
1.2MB

Download
memory/3800-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3800-22-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/3800-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5100-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5100-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/5100-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5100-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download