b4aa7f85ea26f14899fffa322dfefe1303912d88f319387b2b64c6d389f2b2ec

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 14:49

Target

a21e0599afe06362cf1269bd7d09d938.exe
Size

5.8MB
MD5

a21e0599afe06362cf1269bd7d09d938
SHA1

1a840676e6c7845b2e7b956ed072d65d8bd4ea5c
SHA256

b4aa7f85ea26f14899fffa322dfefe1303912d88f319387b2b64c6d389f2b2ec
SHA512

efcdac042a67f47e3d24ad5e2d0a3ae4204b2a482cc3be38485d552a25830a37d52bb85661d945c381a9e62c9834b81ff63e781c0bf57566f69d3f77aa0aa6be
SSDEEP

98304:qqiFOhI6Z/aY9fuZHau42c1joCjMPkNwk6366QOD6O5qjTKIHau42c1joCjMPkNQ:JZhI6ZaY8Fauq1jI86f6U+O5qjT3auqq

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1772	a21e0599afe06362cf1269bd7d09d938.exe

Executes dropped EXE 1 IoCs

pid	Process
1772	a21e0599afe06362cf1269bd7d09d938.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3116-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023122-11.dat	upx
behavioral2/memory/1772-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3116	a21e0599afe06362cf1269bd7d09d938.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3116	a21e0599afe06362cf1269bd7d09d938.exe
1772	a21e0599afe06362cf1269bd7d09d938.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 1772	3116	a21e0599afe06362cf1269bd7d09d938.exe	84
PID 3116 wrote to memory of 1772	3116	a21e0599afe06362cf1269bd7d09d938.exe	84
PID 3116 wrote to memory of 1772	3116	a21e0599afe06362cf1269bd7d09d938.exe	84

C:\Users\Admin\AppData\Local\Temp\a21e0599afe06362cf1269bd7d09d938.exe

Filesize
3.0MB

MD5
bbea8004208e8a0d918c1fd2e18c709b

SHA1
db9b697ad0830da60f26a662f957a2b582affe27

SHA256
ef920b0bbf2158e29e5919f8af275ba7e6b727900e0c5fe06cfc8002c1129dc4

SHA512
0e7ea1f28168e96e595e016eacb16d5c30ed0e67f8ebdb988a1c311a08208d06cbf5201616ce4aa4a74b6c5f3bc9d10ffba705f98a3428c62aed37f514c6ef22

Download Submit
memory/1772-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1772-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1772-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1772-20-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/1772-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1772-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3116-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3116-1-0x0000000001D80000-0x0000000001EB3000-memory.dmp

Filesize
1.2MB

Download
memory/3116-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3116-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download