7941698296a38a6959ac2ce4d6c2ff5d9d3773a436bf424b99749052fae58cb4

Analysis

max time kernel
135s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 11:16

Target

9b877549fab5c2c237286dfd020034be.exe
Size

1.3MB
MD5

9b877549fab5c2c237286dfd020034be
SHA1

6e661643990be503d95e6a143c52c218f1a4bfc8
SHA256

7941698296a38a6959ac2ce4d6c2ff5d9d3773a436bf424b99749052fae58cb4
SHA512

e806a4bb734988d070dc77bd78240a09008c21f21f54d2e858c7164c1869d36432951bb99611b4c0262a6e3d6d72e980f75e25752135d16ad56f1d98cf3ce83d
SSDEEP

24576:ZaYF0a3LfUy821lO/Z64O0vifAFUMqWu7CfNhmbuZCxYU9/9Us:HF0QHHEEHEiEViCH2HR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4548	9b877549fab5c2c237286dfd020034be.exe

Executes dropped EXE 1 IoCs

pid	Process
4548	9b877549fab5c2c237286dfd020034be.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4432-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0007000000023108-11.dat	upx
behavioral2/memory/4548-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4432	9b877549fab5c2c237286dfd020034be.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4432	9b877549fab5c2c237286dfd020034be.exe
4548	9b877549fab5c2c237286dfd020034be.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4432 wrote to memory of 4548	4432	9b877549fab5c2c237286dfd020034be.exe	84
PID 4432 wrote to memory of 4548	4432	9b877549fab5c2c237286dfd020034be.exe	84
PID 4432 wrote to memory of 4548	4432	9b877549fab5c2c237286dfd020034be.exe	84

C:\Users\Admin\AppData\Local\Temp\9b877549fab5c2c237286dfd020034be.exe

Filesize
1.3MB

MD5
77d6d9fbf96a0068baa3f057e59d0ddd

SHA1
3d6c08d4c73c4214f581f6e245461528fca35b44

SHA256
e045943972782d3fb3e631a58b879ceedfbb0cdea71db4f0ecac89bfedc0f75b

SHA512
6b69ed0df61e4df3990f71db05e40f3c2d72aa6705411fc10c9c3a81a6c907a84cccf09fa1a3781168f34d07db6b8f6e086bae1950b1334a878e841d3b0b7e94

Download Submit
memory/4432-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4432-1-0x0000000001D20000-0x0000000001E51000-memory.dmp

Filesize
1.2MB

Download
memory/4432-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4432-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4548-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4548-14-0x0000000001D90000-0x0000000001EC1000-memory.dmp

Filesize
1.2MB

Download
memory/4548-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4548-20-0x0000000005680000-0x00000000058A2000-memory.dmp

Filesize
2.1MB

Download
memory/4548-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4548-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download