0f7e82ff1186c7cf8667b22726bd9e730cd256bb75236af178d2b80f2c83ee3a

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 09:59

Target

9921326d5eae0f9bdf9346f684c4f612.exe
Size

1.3MB
MD5

9921326d5eae0f9bdf9346f684c4f612
SHA1

91f2d78e15c2bacefe6350f11fe9d48055a2a4c2
SHA256

0f7e82ff1186c7cf8667b22726bd9e730cd256bb75236af178d2b80f2c83ee3a
SHA512

14bbeaf91b698cfd052d1e13945de4287beb715df5eb3322e26ebba347b80a07a34fd18fdc68710409cdcf3ed054c5c9b0ff08c5fdf42a1e89a9aab204179d47
SSDEEP

24576:h6Vba/HtEpgo37iRD/6JOR2UKQFsSzUkYqAtwsERqiPs4F274OsqNql25t6apNSL:h6Vba/HWzLC/zMn+uNjFL4F+sqIUSapI

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1236	9921326d5eae0f9bdf9346f684c4f612.exe

Executes dropped EXE 1 IoCs

pid	Process
1236	9921326d5eae0f9bdf9346f684c4f612.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2420-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0006000000023220-11.dat	upx
behavioral2/memory/1236-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2420	9921326d5eae0f9bdf9346f684c4f612.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2420	9921326d5eae0f9bdf9346f684c4f612.exe
1236	9921326d5eae0f9bdf9346f684c4f612.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1236	2420	9921326d5eae0f9bdf9346f684c4f612.exe	84
PID 2420 wrote to memory of 1236	2420	9921326d5eae0f9bdf9346f684c4f612.exe	84
PID 2420 wrote to memory of 1236	2420	9921326d5eae0f9bdf9346f684c4f612.exe	84

C:\Users\Admin\AppData\Local\Temp\9921326d5eae0f9bdf9346f684c4f612.exe

Filesize
896KB

MD5
9b908f622ed2c8bb2fb7ce985883c78b

SHA1
a94ff2dac7fe98c69f671be66cf594109131e838

SHA256
fa4aebafeae3606a64127ba3667cb62de5d581515dd7959262ed73690a6a6bf0

SHA512
bf94887e3861cadf399babb33366011b9462d4c12ea90064894df755d7e8c23ff97d4e8e5fc732a2dc9a0cf83ff7ae5eb8509f5e481ffe65cb64ac2c9ca6c72f

Download Submit
memory/1236-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1236-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1236-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1236-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1236-21-0x00000000055A0000-0x00000000057CA000-memory.dmp

Filesize
2.2MB

Download
memory/1236-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2420-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2420-1-0x0000000001C30000-0x0000000001D63000-memory.dmp

Filesize
1.2MB

Download
memory/2420-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2420-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download