4ad0523480f7d9c073ab68a901a4a53ce4a61444120f21ac7a4f4aa519795c21

Analysis

max time kernel
93s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 23:54

Target

a0ac2d7f9647acd554e45f643578911d.exe
Size

2.4MB
MD5

a0ac2d7f9647acd554e45f643578911d
SHA1

45d55c39e25699e9dcdb1a776cf29005f7e73d4e
SHA256

4ad0523480f7d9c073ab68a901a4a53ce4a61444120f21ac7a4f4aa519795c21
SHA512

b324eb070e35788c6d6acf874c87bb748a669732539782462aadc7abba53c59529fa2246bb8451a1f15de3464d1eb17947473b9942c86345a323a4f25825129e
SSDEEP

49152:Lxi4WHpOCz5d2iFDOnrMNOHP4M338dB2IBlGuuDVUsdxxjr:NDaMCz32y2MNOHgg3gnl/IVUs1jr

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4772	a0ac2d7f9647acd554e45f643578911d.exe

Executes dropped EXE 1 IoCs

pid	Process
4772	a0ac2d7f9647acd554e45f643578911d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5108-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00060000000231f8-11.dat	upx
behavioral2/memory/4772-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5108	a0ac2d7f9647acd554e45f643578911d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5108	a0ac2d7f9647acd554e45f643578911d.exe
4772	a0ac2d7f9647acd554e45f643578911d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 4772	5108	a0ac2d7f9647acd554e45f643578911d.exe	88
PID 5108 wrote to memory of 4772	5108	a0ac2d7f9647acd554e45f643578911d.exe	88
PID 5108 wrote to memory of 4772	5108	a0ac2d7f9647acd554e45f643578911d.exe	88

C:\Users\Admin\AppData\Local\Temp\a0ac2d7f9647acd554e45f643578911d.exe

Filesize
2.4MB

MD5
17729a681c02520a9d3cb36febe7400d

SHA1
8a68c8405a703bbb2250555e32121757766cdda1

SHA256
b2f914c8dd08b60b41b90e5c8247526e9bb23b6e4059348337229bf73fa6a03b

SHA512
139a69c89e21f906184055f108192cd309df824bc3c79b51911a229b53e5fa3f7d6ba354b0795a836a72aea896d5754b9a4c143463a103cafd1f55ed25110402

Download Submit
memory/4772-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4772-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4772-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4772-21-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/4772-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4772-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5108-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5108-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5108-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5108-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download