4953b543ab4c688f47e3b8b2901ac2fa847369dd0e8111ac8851141af14f7504

Analysis

max time kernel
93s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 17:19

Target

9c3a1cbfe4bbfaa7d332a78ed7ea6ffc.exe
Size

2.9MB
MD5

9c3a1cbfe4bbfaa7d332a78ed7ea6ffc
SHA1

0d2e363749b114e21041c2e87644163769fe1fd2
SHA256

4953b543ab4c688f47e3b8b2901ac2fa847369dd0e8111ac8851141af14f7504
SHA512

a0c0df1a2b82bd8570b0a7fa735987b26e0952b3c93a3219ed08e52d9ad716c8014f4b8d72585b6e62d210ea819579cb382abf746f98cb24d56c2daba7e510c1
SSDEEP

49152:xYbg7Yql7axZXrMHoS4uY+vqP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:x0g7Y876NMHoS4dHgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
228	9c3a1cbfe4bbfaa7d332a78ed7ea6ffc.exe

Executes dropped EXE 1 IoCs

pid	Process
228	9c3a1cbfe4bbfaa7d332a78ed7ea6ffc.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1632-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023223-12.dat	upx
behavioral2/memory/228-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1632	9c3a1cbfe4bbfaa7d332a78ed7ea6ffc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1632	9c3a1cbfe4bbfaa7d332a78ed7ea6ffc.exe
228	9c3a1cbfe4bbfaa7d332a78ed7ea6ffc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 228	1632	9c3a1cbfe4bbfaa7d332a78ed7ea6ffc.exe	85
PID 1632 wrote to memory of 228	1632	9c3a1cbfe4bbfaa7d332a78ed7ea6ffc.exe	85
PID 1632 wrote to memory of 228	1632	9c3a1cbfe4bbfaa7d332a78ed7ea6ffc.exe	85

C:\Users\Admin\AppData\Local\Temp\9c3a1cbfe4bbfaa7d332a78ed7ea6ffc.exe

Filesize
448KB

MD5
476d567b6f33286ffcff656da3ac56cd

SHA1
80457aec71ca961050484637d091ca30ab6b3c84

SHA256
a0f3ac5be1fd7997dd6ea875d0096164a71108a219356d4f2ddb63fd5d9b0d8e

SHA512
cc90b4c2fa7737195595c40bd341e7fa00a7bb071dc9cfb33821331f4d4a805515558f8afc59119daa8df2147f8e0023b69ea65fdb4120a91634b744ca73d2bf

Download Submit
memory/228-15-0x0000000001CD0000-0x0000000001E03000-memory.dmp

Filesize
1.2MB

Download
memory/228-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/228-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/228-21-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/228-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/228-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1632-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1632-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1632-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1632-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download