71498a2c6d1693adfae27cd347d2ebf3aefe63763c3803d5c7eee15dd3ccc9f1

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 10:02

Target

a19711812f010c404b4f0d4a6d62af1c.exe
Size

1.5MB
MD5

a19711812f010c404b4f0d4a6d62af1c
SHA1

139f053de6cff8dd7e1d2c1f3bdf037bd8e87e9f
SHA256

71498a2c6d1693adfae27cd347d2ebf3aefe63763c3803d5c7eee15dd3ccc9f1
SHA512

6baa0aefc751a9cce7b637b73e82a641431d40b788d13d30b5a45360bb379b897e55341766f842346361b1011fb0fd324c3f8b0fe780755a22fe99c30634006d
SSDEEP

24576:UOZ/deb3Ws1rJ1kTEOm20mmaXx1FHkzl/YQk5Jg+mPeNLxEiVhEXr1RlSujMW:ngrdJOT7Ql/ReN1K/AN

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
232	a19711812f010c404b4f0d4a6d62af1c.exe

Executes dropped EXE 1 IoCs

pid	Process
232	a19711812f010c404b4f0d4a6d62af1c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/928-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00070000000230f8-11.dat	upx
behavioral2/memory/232-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
928	a19711812f010c404b4f0d4a6d62af1c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
928	a19711812f010c404b4f0d4a6d62af1c.exe
232	a19711812f010c404b4f0d4a6d62af1c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 232	928	a19711812f010c404b4f0d4a6d62af1c.exe	88
PID 928 wrote to memory of 232	928	a19711812f010c404b4f0d4a6d62af1c.exe	88
PID 928 wrote to memory of 232	928	a19711812f010c404b4f0d4a6d62af1c.exe	88

C:\Users\Admin\AppData\Local\Temp\a19711812f010c404b4f0d4a6d62af1c.exe

Filesize
896KB

MD5
7527d204c2b29bc3484bbb0652b07393

SHA1
0ab82b915087a9c93b72dd367b405592c4ff151e

SHA256
17c7a9472b7d9a73b7ee68586af16f5effbe62233d5e0d629b8f14efdc309c78

SHA512
a952e1d8f7c787248c1898d1c082ba0388a6357782db45dfec0e7071a0b9c44209fdbe9269312c7158ae3665213e81404ec54b6e11f5c7a60593692d19dfd176

Download Submit
memory/232-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/232-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/232-15-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/232-20-0x0000000005640000-0x000000000586A000-memory.dmp

Filesize
2.2MB

Download
memory/232-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/232-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/928-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/928-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/928-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/928-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download