a0c90c0941bb41c74aaa5cfae37fc4d3bcda470338c9384002066a6c8647b1b4

Analysis

max time kernel
143s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 14:44

Target

8f6ad221d9f64f0cc3189b55025fce89.exe
Size

5.8MB
MD5

8f6ad221d9f64f0cc3189b55025fce89
SHA1

4ddd8e83ef4cf0594b554f619ece9c1aedaff6a9
SHA256

a0c90c0941bb41c74aaa5cfae37fc4d3bcda470338c9384002066a6c8647b1b4
SHA512

eb16e8f0c35df89d005dd39bdab227f970159fbda6079719b62f10d59d49742742bebf5d37303f9cb53881578504542da9e19dd27e6cfb7e648bb7ed6670d582
SSDEEP

98304:kOkud1Xe1KGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:Tde1EGhRaaCkN9qHGhRa

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4708	8f6ad221d9f64f0cc3189b55025fce89.exe

Executes dropped EXE 1 IoCs

pid	Process
4708	8f6ad221d9f64f0cc3189b55025fce89.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3588-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023203-11.dat	upx
behavioral2/memory/4708-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3588	8f6ad221d9f64f0cc3189b55025fce89.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3588	8f6ad221d9f64f0cc3189b55025fce89.exe
4708	8f6ad221d9f64f0cc3189b55025fce89.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 4708	3588	8f6ad221d9f64f0cc3189b55025fce89.exe	83
PID 3588 wrote to memory of 4708	3588	8f6ad221d9f64f0cc3189b55025fce89.exe	83
PID 3588 wrote to memory of 4708	3588	8f6ad221d9f64f0cc3189b55025fce89.exe	83

C:\Users\Admin\AppData\Local\Temp\8f6ad221d9f64f0cc3189b55025fce89.exe

Filesize
225KB

MD5
b8311bc7cb0afa535491ed48fffb6e82

SHA1
d082e1198515ead9376d28ece15055e4e7e4afab

SHA256
af09ea0e4be608d3a36a53a8154a6ba77abe016ed1852bb3a65647d980cb9387

SHA512
f9b8c518fa30fe0e297772a46a46e4beeb387472908a1f4d695a5c3d2793d1912c4cbfbf3520d9f8970751e7ea15dd32b59d5f44fccbe7ffb6a5d08a7530c4a7

Download Submit
memory/3588-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3588-1-0x0000000001C60000-0x0000000001D93000-memory.dmp

Filesize
1.2MB

Download
memory/3588-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3588-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4708-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4708-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4708-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4708-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4708-20-0x00000000056F0000-0x000000000591A000-memory.dmp

Filesize
2.2MB

Download
memory/4708-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download