ceaae03c0d028a8049e2b393042d4dc1fc1dd9d63a7e8388ad9e22ffedf0db08

Analysis

max time kernel
119s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 10:20

Target

992ba5fb1e4e04201f07a6cbb49180d5.exe
Size

2.7MB
MD5

992ba5fb1e4e04201f07a6cbb49180d5
SHA1

3c3840318aea42aa57f15f061bd73c0877118695
SHA256

ceaae03c0d028a8049e2b393042d4dc1fc1dd9d63a7e8388ad9e22ffedf0db08
SHA512

a12e9f8a45a3bf924387a66645d812ae3d8e33f78a38fbb02b654a91a94d981e3426ee50bd4d50f686229254dfd9fc78f479ea9943b6c2eeb5771ee1037cbd84
SSDEEP

49152:QmeaAGFsHG1o+cH78xmCVJmnNM0MPaiiZFm5j4fwKap:QIAGFb1r2wHvUTr4Mep

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1620	992ba5fb1e4e04201f07a6cbb49180d5.exe

Executes dropped EXE 1 IoCs

pid	Process
1620	992ba5fb1e4e04201f07a6cbb49180d5.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4104-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002321a-11.dat	upx
behavioral2/memory/1620-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4104	992ba5fb1e4e04201f07a6cbb49180d5.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4104	992ba5fb1e4e04201f07a6cbb49180d5.exe
1620	992ba5fb1e4e04201f07a6cbb49180d5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4104 wrote to memory of 1620	4104	992ba5fb1e4e04201f07a6cbb49180d5.exe	85
PID 4104 wrote to memory of 1620	4104	992ba5fb1e4e04201f07a6cbb49180d5.exe	85
PID 4104 wrote to memory of 1620	4104	992ba5fb1e4e04201f07a6cbb49180d5.exe	85

C:\Users\Admin\AppData\Local\Temp\992ba5fb1e4e04201f07a6cbb49180d5.exe

Filesize
2.4MB

MD5
ddd8229bd1bd6e1f337a61db87476587

SHA1
acd5fb918f47ad7ec992c38a01f0cd943d0611c3

SHA256
507b80e2f1e9c8921d136161d01a78b45e903dada727e0b16fbe5c3ea3489cd5

SHA512
99938319f79b907197584d7e4feaa5b7ad682770a75ac6c67ee943b993deac9e36ea6d2ca7e475b663210b19bb2a46192a79d793957da298a7080384e2e3d9ee

Download Submit
memory/1620-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1620-15-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/1620-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1620-20-0x0000000005650000-0x000000000587A000-memory.dmp

Filesize
2.2MB

Download
memory/1620-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1620-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4104-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4104-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4104-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4104-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download