13f610764567f9b167164f0f84861c0ed778dba63130c195f2a8ca8f4601d029

Analysis

max time kernel
93s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 16:45

Target

99a3b72fef81d3215a4dd79061d19b9d.exe
Size

1.3MB
MD5

99a3b72fef81d3215a4dd79061d19b9d
SHA1

fcea1e410dd604b36ce11f9902b071653c013c40
SHA256

13f610764567f9b167164f0f84861c0ed778dba63130c195f2a8ca8f4601d029
SHA512

8b0c113ed5bed667ad78266546cf83386716784d8f66f68b058cefc5cb4513657af7e8199b89f98c49b59a85271b3265a9c0f687d08bd38fa71420e39a06cdcc
SSDEEP

24576:TbJ/x/iltsZAa3kUXhnWXs5HpOwTGJqKlh2DRKzKFmCQU5kCyTKht/AfdwTa9PX4:TbBxEXa3kgpWX+JxTulh2pF/95jKB9PI

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2996	99a3b72fef81d3215a4dd79061d19b9d.exe

Executes dropped EXE 1 IoCs

pid	Process
2996	99a3b72fef81d3215a4dd79061d19b9d.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4960-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0007000000023217-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4960	99a3b72fef81d3215a4dd79061d19b9d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4960	99a3b72fef81d3215a4dd79061d19b9d.exe
2996	99a3b72fef81d3215a4dd79061d19b9d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 2996	4960	99a3b72fef81d3215a4dd79061d19b9d.exe	85
PID 4960 wrote to memory of 2996	4960	99a3b72fef81d3215a4dd79061d19b9d.exe	85
PID 4960 wrote to memory of 2996	4960	99a3b72fef81d3215a4dd79061d19b9d.exe	85

C:\Users\Admin\AppData\Local\Temp\99a3b72fef81d3215a4dd79061d19b9d.exe

Filesize
1.3MB

MD5
11eff2ff13b3995083eea1e665742292

SHA1
e21c82698777c2ff219861bef0973c67a4b5713c

SHA256
596735503ec2083499f219dce178c25e93bc4d731c3157fd7aed05b46bd03aba

SHA512
7a736ce30d2cf04bc1a22d5723ccdf373a77c63edd620f82356087de9cb15f34c85762e5262e08b18126243ef49825158a8974de6b02ae4049e2758eae473d3d

Download Submit
memory/2996-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2996-13-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2996-16-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2996-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2996-20-0x0000000005610000-0x0000000005832000-memory.dmp

Filesize
2.1MB

Download
memory/2996-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4960-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4960-1-0x0000000001C70000-0x0000000001DA1000-memory.dmp

Filesize
1.2MB

Download
memory/4960-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4960-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download