0fc3d88a9540e61eb968ee4c7b3b87e898a88d9cf7220bed3790929c419b25bd

Analysis

max time kernel
91s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 11:39

Target

995407b6341185529c21541834613b70.exe
Size

11.7MB
MD5

995407b6341185529c21541834613b70
SHA1

a42372fdf2fa832c68d83af50d00cc64b844ed3d
SHA256

0fc3d88a9540e61eb968ee4c7b3b87e898a88d9cf7220bed3790929c419b25bd
SHA512

9e39d26a78fffd9a32087f8f363af3f7bf38832c635b47516bfc6be7d1d4f712420da08d29e8e83a1784c601db887a041047c135eb0560ff0c0f249c815efe32
SSDEEP

196608:70Ngu0mnmPEGWC5vVjWWCWIcZ4kbWC5vVjWWC:Y57jGoYWkbo

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2836	995407b6341185529c21541834613b70.exe

Executes dropped EXE 1 IoCs

pid	Process
2836	995407b6341185529c21541834613b70.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3364-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023224-11.dat	upx
behavioral2/memory/2836-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3364	995407b6341185529c21541834613b70.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3364	995407b6341185529c21541834613b70.exe
2836	995407b6341185529c21541834613b70.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 2836	3364	995407b6341185529c21541834613b70.exe	85
PID 3364 wrote to memory of 2836	3364	995407b6341185529c21541834613b70.exe	85
PID 3364 wrote to memory of 2836	3364	995407b6341185529c21541834613b70.exe	85

C:\Users\Admin\AppData\Local\Temp\995407b6341185529c21541834613b70.exe

Filesize
11.7MB

MD5
0997fad0f193b9ff29072ef3b35ac744

SHA1
377ccee0551edd1bb644003ea5d3b6946aaa8a9d

SHA256
fec1fb3185c26b9597b7b9d3750311359ded763a5dad40a58d7d69b47146ba76

SHA512
1dd7144f464ccee7b3a19cff02ffdb60477ff1ef1b6a251e81ccc608e9a4da10472ca82702ec71ecd584408ad9146005cdd069fa56a623642bee331319e8cef6

Download Submit
memory/2836-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2836-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2836-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2836-20-0x00000000056C0000-0x00000000058EA000-memory.dmp

Filesize
2.2MB

Download
memory/2836-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2836-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3364-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3364-1-0x0000000001A30000-0x0000000001B63000-memory.dmp

Filesize
1.2MB

Download
memory/3364-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3364-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download