8d7df08414f52b99412ca8e8e03b1975fc390bfcebcf5fb6427db3c98357f1b7

Analysis

max time kernel
92s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 19:52

Target

90029a1d36a605c76fe280063382f782.exe
Size

5.3MB
MD5

90029a1d36a605c76fe280063382f782
SHA1

97da9523d5dddb3614a3b5649af44a708f98ed2d
SHA256

8d7df08414f52b99412ca8e8e03b1975fc390bfcebcf5fb6427db3c98357f1b7
SHA512

02de2dade4895937f13a1c86ba1932b57446e60a2666c30690820d34dafb65f937586df685f75980ac4cc880246226928132bdf8d3cb1370dc4894d68ba55283
SSDEEP

98304:X9bOo9X5OuuAJJbrUELRe/QiKWzGADpbj724Ffh9JbrUELRe/Qif:X9bOoZeAvoee/QlWzGOX9Fhjoee/Qu

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1412	90029a1d36a605c76fe280063382f782.exe

Executes dropped EXE 1 IoCs

pid	Process
1412	90029a1d36a605c76fe280063382f782.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2044-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023215-11.dat	upx
behavioral2/memory/1412-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2044	90029a1d36a605c76fe280063382f782.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2044	90029a1d36a605c76fe280063382f782.exe
1412	90029a1d36a605c76fe280063382f782.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1412	2044	90029a1d36a605c76fe280063382f782.exe	86
PID 2044 wrote to memory of 1412	2044	90029a1d36a605c76fe280063382f782.exe	86
PID 2044 wrote to memory of 1412	2044	90029a1d36a605c76fe280063382f782.exe	86

C:\Users\Admin\AppData\Local\Temp\90029a1d36a605c76fe280063382f782.exe

Filesize
806KB

MD5
ab25c9c0d43c12211c7200640169223b

SHA1
59e76fdce207377acd697af5acb09dc3202eea2f

SHA256
6a99b768214c2b6fb54c9302d039ce63bb9a8eda350bdf2aed2a514221c6a8f6

SHA512
6aacfe9c73066425f9593ff922b211d37aa84588fded04d6d90481090e08fc8683663edf255725bd81d835dfee9e2fa122f72caf91680b108ea14d9d4138775b

Download Submit
memory/1412-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1412-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1412-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1412-20-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/1412-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1412-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2044-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2044-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2044-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2044-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download