d7597a9efbb41f6f09bc2160783e3536ab0dd0c4d531925e6d90cf4b6a3a844b

Analysis

max time kernel
93s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 13:36

Target

97477901e07756e8b5e282b0b99880af.exe
Size

5.8MB
MD5

97477901e07756e8b5e282b0b99880af
SHA1

6c3364f1e536a7dcdda5de2be5ee31c7850d25c7
SHA256

d7597a9efbb41f6f09bc2160783e3536ab0dd0c4d531925e6d90cf4b6a3a844b
SHA512

09c8deddf2fc5e5451941d63798d9b380ab531e7260c6761b2a44f54caaa6e35402308f49bc183296313ee0a613675a2a1cb1a78557e78d38f8e74b83323634e
SSDEEP

98304:hUbgWS/YZL4F+0apNSiHau42c1joCjMPkNwk6ndSXj1IAcCbkOdrzGNoK2Hau42j:u6g0Ehauq1jI860Xjc2kOxauq1jI86

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4292	97477901e07756e8b5e282b0b99880af.exe

Executes dropped EXE 1 IoCs

pid	Process
4292	97477901e07756e8b5e282b0b99880af.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3748-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000231fc-11.dat	upx
behavioral2/memory/4292-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3748	97477901e07756e8b5e282b0b99880af.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3748	97477901e07756e8b5e282b0b99880af.exe
4292	97477901e07756e8b5e282b0b99880af.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3748 wrote to memory of 4292	3748	97477901e07756e8b5e282b0b99880af.exe	85
PID 3748 wrote to memory of 4292	3748	97477901e07756e8b5e282b0b99880af.exe	85
PID 3748 wrote to memory of 4292	3748	97477901e07756e8b5e282b0b99880af.exe	85

C:\Users\Admin\AppData\Local\Temp\97477901e07756e8b5e282b0b99880af.exe

Filesize
5.8MB

MD5
38cd7f30c5df34f1b023ce25b1d850d3

SHA1
0b98720caa7dad9407308d728da831606334a25e

SHA256
4061766f210e8bda592f5a8391bd83a15f589123f57b88810c2be5a56285abc5

SHA512
b64761ef071f4c5ecf703c4bb0a5ace40b24ed97abe8da898848a4231e4ffc5afd0fb587fe4ff56f53df1c98af45f54e831cabf92f9c941f4372628f87887b6c

Download Submit
memory/3748-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3748-1-0x0000000001D90000-0x0000000001EC3000-memory.dmp

Filesize
1.2MB

Download
memory/3748-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3748-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4292-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4292-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4292-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4292-21-0x00000000056C0000-0x00000000058EA000-memory.dmp

Filesize
2.2MB

Download
memory/4292-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4292-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download