d1e127a9aa796d28f59e6ec97049f7024e0053b5fa5d8c71dc12e89161c6b161

Analysis

max time kernel
93s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 06:05

Target

a121ff9be7bd71627861f3ca11a85e43.exe
Size

1.5MB
MD5

a121ff9be7bd71627861f3ca11a85e43
SHA1

6a35d0ae71764af69b19cf9459e70eb2348ba02c
SHA256

d1e127a9aa796d28f59e6ec97049f7024e0053b5fa5d8c71dc12e89161c6b161
SHA512

40d99a65e953cd417d66edea43ac1fb31717bfe0cc25c7cfabbd0dd2b0e7ee3902ae078841d3c8029fdf312a4c94028020fdc6897c4029f1c57411f352871e24
SSDEEP

24576:tBvFqdmmSX8ryT+H1BrFX0hpo2Z4zChyxUaJLymtYPWW:t5Qh8myTQUhpfZ4zCqrLGW

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3612	a121ff9be7bd71627861f3ca11a85e43.exe

Executes dropped EXE 1 IoCs

pid	Process
3612	a121ff9be7bd71627861f3ca11a85e43.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3848-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001fc40-12.dat	upx
behavioral2/memory/3612-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3848	a121ff9be7bd71627861f3ca11a85e43.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3848	a121ff9be7bd71627861f3ca11a85e43.exe
3612	a121ff9be7bd71627861f3ca11a85e43.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3848 wrote to memory of 3612	3848	a121ff9be7bd71627861f3ca11a85e43.exe	90
PID 3848 wrote to memory of 3612	3848	a121ff9be7bd71627861f3ca11a85e43.exe	90
PID 3848 wrote to memory of 3612	3848	a121ff9be7bd71627861f3ca11a85e43.exe	90

C:\Users\Admin\AppData\Local\Temp\a121ff9be7bd71627861f3ca11a85e43.exe

Filesize
1.5MB

MD5
0c8958b0110930e572a95e3d6e48cdd1

SHA1
0ef491b7c73907610fa166b4b13c0826eea8d166

SHA256
a88fe2b42a2f11a5aaf49beea8ec0e39caa4a54df5cf9b850b9c2dd40fa5fc6c

SHA512
20915d899e8bfa3f19baf6d72eb8cefa94fe57e44988f00b3bbba6e5ad197552a676aff203078d8cd165ea27c922be86adbbad46eb947ecdc5c0ef51e8552f87

Download Submit
memory/3612-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3612-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3612-16-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/3612-22-0x0000000005610000-0x000000000583A000-memory.dmp

Filesize
2.2MB

Download
memory/3612-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3612-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3848-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3848-1-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/3848-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3848-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download