c304aa6cef8d99bbaef53fdb2df048182cdf54e58ba661670347973408f3db0c

Analysis

max time kernel
92s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 21:03

Target

a2c0022d321d464bc344a9d3ec4af9eb.exe
Size

2.9MB
MD5

a2c0022d321d464bc344a9d3ec4af9eb
SHA1

5c5c35e4d3a85ffc8abd617b77564cedb84859f5
SHA256

c304aa6cef8d99bbaef53fdb2df048182cdf54e58ba661670347973408f3db0c
SHA512

c71c1509d9a4495b1b99b12108922620df0806c4a6cab968e00576c658b44de4289a361983d6f683791042b550e906083dd071f9a9da708db5031282864905c0
SSDEEP

49152:d9g+wCF8aGau1B0n2hN74NH5HUyNRcUsCVOzetdZJ:dom8aFHnc4HBUCczzM3

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4884	a2c0022d321d464bc344a9d3ec4af9eb.exe

Executes dropped EXE 1 IoCs

pid	Process
4884	a2c0022d321d464bc344a9d3ec4af9eb.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2376-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002321e-12.dat	upx
behavioral2/memory/4884-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2376	a2c0022d321d464bc344a9d3ec4af9eb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2376	a2c0022d321d464bc344a9d3ec4af9eb.exe
4884	a2c0022d321d464bc344a9d3ec4af9eb.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 4884	2376	a2c0022d321d464bc344a9d3ec4af9eb.exe	86
PID 2376 wrote to memory of 4884	2376	a2c0022d321d464bc344a9d3ec4af9eb.exe	86
PID 2376 wrote to memory of 4884	2376	a2c0022d321d464bc344a9d3ec4af9eb.exe	86

C:\Users\Admin\AppData\Local\Temp\a2c0022d321d464bc344a9d3ec4af9eb.exe

Filesize
270KB

MD5
481eeef39e6ce2eb7b190c1fce1e3098

SHA1
4bba4eb4817c931d01ee85cdd0264c5b0a514dbf

SHA256
bb1400aa0edcec2c30dc3aa01291bbfba7339f0e2ad0dd3c55a8be5bdab51cf5

SHA512
cbbe885d36362c4730c54a8d4d552086578273e49f36d4b077039fef11c08969c4eb2a507585978fda41d141d236c68e985b51fdac741a1cc980c0ef148ab02a

Download Submit
memory/2376-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2376-1-0x0000000001C70000-0x0000000001DA3000-memory.dmp

Filesize
1.2MB

Download
memory/2376-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2376-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4884-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4884-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4884-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4884-21-0x00000000056E0000-0x000000000590A000-memory.dmp

Filesize
2.2MB

Download
memory/4884-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4884-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download