7d9d78e2ac902638d3cd73b3fd042ce50c19f061716266f4ce829f8936cf33d8

Analysis

max time kernel
140s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 00:09

Target

97f917ced4ea24170af46ba17d13b687.exe
Size

2.7MB
MD5

97f917ced4ea24170af46ba17d13b687
SHA1

0a40ddae156fef73f0e41be5fc763ad38cdb9f8a
SHA256

7d9d78e2ac902638d3cd73b3fd042ce50c19f061716266f4ce829f8936cf33d8
SHA512

b3c707ace5b2bf41ee71858e454e844f6771326e0b778869f658e906c5d1e125cfc82f9fb92cd488a7780d15e7edeba69be96a4f4f5f7eaf28f1b285980cc619
SSDEEP

49152:MLBIMuNyH8jO94bsYh6xxSXP1MqmUBJCyinKdhuv5IpDKlKoUIrP34p:2ItNyHKO9wsYMAqUbCyiKiBIpD1onT3q

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
648	97f917ced4ea24170af46ba17d13b687.exe

Executes dropped EXE 1 IoCs

pid	Process
648	97f917ced4ea24170af46ba17d13b687.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3820-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023113-11.dat	upx
behavioral2/memory/648-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3820	97f917ced4ea24170af46ba17d13b687.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3820	97f917ced4ea24170af46ba17d13b687.exe
648	97f917ced4ea24170af46ba17d13b687.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3820 wrote to memory of 648	3820	97f917ced4ea24170af46ba17d13b687.exe	84
PID 3820 wrote to memory of 648	3820	97f917ced4ea24170af46ba17d13b687.exe	84
PID 3820 wrote to memory of 648	3820	97f917ced4ea24170af46ba17d13b687.exe	84

C:\Users\Admin\AppData\Local\Temp\97f917ced4ea24170af46ba17d13b687.exe

Filesize
960KB

MD5
919899bd95fe6b489f8c66f276eb4554

SHA1
609f9387631bc0bc459586384bc759daa797c903

SHA256
e2bbd4ce2ed213fb1f99ed653993b5b7f10123ad12994b02fe2471c6211427d7

SHA512
f7f9cb19f1b63bc090203e2992f1500cfd17a5cda77ae0068d778cb31fc321e5285f731936befc33ad194a870de5d781daa946bf1f2441653c9fb60809e73001

Download Submit
memory/648-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/648-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/648-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/648-20-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/648-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/648-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3820-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3820-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3820-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3820-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download