a25311ac9b5dc182979b73bc60b72053e0c053c2fe9a4b440efd1ac536685629

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 04:30

Target

964078cd6066d147b0ec6a3a93420283.exe
Size

1.3MB
MD5

964078cd6066d147b0ec6a3a93420283
SHA1

82cdac94015a9074efddc7f641ec398779b51a47
SHA256

a25311ac9b5dc182979b73bc60b72053e0c053c2fe9a4b440efd1ac536685629
SHA512

ec460f119a3eac1c5f212e39ad740f762fce639a622b4a2c90683aa49b2df5aad2d979e4bbcaaec7f99921041a8b2fce3d056ccb9bc138762f0602ae6e174829
SSDEEP

24576:4MqHYdUIfr+vnUFZV2Hp4sVRogYzHUWKJnSgevD31Z8/i+6aJuGhnnmU9/9Us:4d4dUIfrVZVtyogYz03nSdJabZJLB5Rt

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1136	964078cd6066d147b0ec6a3a93420283.exe

Executes dropped EXE 1 IoCs

pid	Process
1136	964078cd6066d147b0ec6a3a93420283.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2952-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0007000000023209-11.dat	upx
behavioral2/memory/1136-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2952	964078cd6066d147b0ec6a3a93420283.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2952	964078cd6066d147b0ec6a3a93420283.exe
1136	964078cd6066d147b0ec6a3a93420283.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 1136	2952	964078cd6066d147b0ec6a3a93420283.exe	83
PID 2952 wrote to memory of 1136	2952	964078cd6066d147b0ec6a3a93420283.exe	83
PID 2952 wrote to memory of 1136	2952	964078cd6066d147b0ec6a3a93420283.exe	83

C:\Users\Admin\AppData\Local\Temp\964078cd6066d147b0ec6a3a93420283.exe

Filesize
1.3MB

MD5
a016169d008a5c5d7cf98b35d214cc7d

SHA1
b4f0d9221993f48a1f4a9d7d2c04a29aa0aa3b07

SHA256
702b15c9cf2c69644bb7aa07efa7716cb78851761746e8053a3548a1537c8cb2

SHA512
2f71d26764398541c4dbf15124ee99fea902e0a489ea9700719239f6b80cc970b9a6d3148b080311ab0c10798a67608030b840bbe7f5f574cd078dbf93a82a93

Download Submit
memory/1136-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1136-15-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1136-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1136-20-0x0000000005500000-0x0000000005722000-memory.dmp

Filesize
2.1MB

Download
memory/1136-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1136-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2952-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2952-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2952-1-0x0000000001DD0000-0x0000000001F01000-memory.dmp

Filesize
1.2MB

Download
memory/2952-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download