be31c293190995d5c8d36a03ecb9bc93e8703e3b5d0a69dd806ea47ba661b308

Analysis

max time kernel
121s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-02-2024 21:13

Target

a75df0c910c76d2dcb6f5f242091ffe2.exe
Size

2.9MB
MD5

a75df0c910c76d2dcb6f5f242091ffe2
SHA1

698d2defe3340a436aefd4521a83a82a75c68d40
SHA256

be31c293190995d5c8d36a03ecb9bc93e8703e3b5d0a69dd806ea47ba661b308
SHA512

8404b41535c10a772745e34b892c195fa7fd4895558f6eea74574961a5e51fb78a71886511131ceca59bbecb3db66430ff252780ea4b890fafa5ce17067eff47
SSDEEP

49152:fRHeTQKP6bSKBNbk1jErYc2WzryMhpxQqbrsI8ONP4M338dB2IBlGuuDVUsdxxjl:ftmP65BNCjEkc/z2tVPONgg3gnl/IVU8

Score

7^/10

upx

Deletes itself 1 IoCs

Processes:

a75df0c910c76d2dcb6f5f242091ffe2.exe

pid process

3632 a75df0c910c76d2dcb6f5f242091ffe2.exe
Executes dropped EXE 1 IoCs

Processes:

a75df0c910c76d2dcb6f5f242091ffe2.exe

pid process

3632 a75df0c910c76d2dcb6f5f242091ffe2.exe

pid	process
3632	a75df0c910c76d2dcb6f5f242091ffe2.exe

pid	process
3632	a75df0c910c76d2dcb6f5f242091ffe2.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/1068-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\a75df0c910c76d2dcb6f5f242091ffe2.exe	upx

Suspicious behavior: RenamesItself 1 IoCs

Processes:

a75df0c910c76d2dcb6f5f242091ffe2.exe

pid process

1068 a75df0c910c76d2dcb6f5f242091ffe2.exe
Suspicious use of UnmapMainImage 2 IoCs

Processes:

a75df0c910c76d2dcb6f5f242091ffe2.exea75df0c910c76d2dcb6f5f242091ffe2.exe

pid process

1068 a75df0c910c76d2dcb6f5f242091ffe2.exe
3632 a75df0c910c76d2dcb6f5f242091ffe2.exe

pid	process
1068	a75df0c910c76d2dcb6f5f242091ffe2.exe

pid	process
1068	a75df0c910c76d2dcb6f5f242091ffe2.exe
3632	a75df0c910c76d2dcb6f5f242091ffe2.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

a75df0c910c76d2dcb6f5f242091ffe2.exe

description	pid	process	target process
PID 1068 wrote to memory of 3632	1068	a75df0c910c76d2dcb6f5f242091ffe2.exe	a75df0c910c76d2dcb6f5f242091ffe2.exe
PID 1068 wrote to memory of 3632	1068	a75df0c910c76d2dcb6f5f242091ffe2.exe	a75df0c910c76d2dcb6f5f242091ffe2.exe
PID 1068 wrote to memory of 3632	1068	a75df0c910c76d2dcb6f5f242091ffe2.exe	a75df0c910c76d2dcb6f5f242091ffe2.exe

C:\Users\Admin\AppData\Local\Temp\a75df0c910c76d2dcb6f5f242091ffe2.exe

Filesize
2.9MB

MD5
48f1167f6810b3a2463dcd14dce2f7e8

SHA1
d8381db5482f046339878abc3ce9376718ea1757

SHA256
913ea4586fdad96c1af13933d844bb30effa6bc962be6f314fa35822ec9ee0cf

SHA512
de901886cc4b5ad233d1b8ede7bf7a23fbe924ddf55ab6694dbfc965f2dd89283afffbc884776c5bd141e64c7ae3fbc039fd6f8a51231ec3581ac5c254975861

Download Submit
memory/1068-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1068-1-0x0000000001C70000-0x0000000001DA3000-memory.dmp

Filesize
1.2MB

Download
memory/1068-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1068-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3632-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3632-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3632-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3632-21-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/3632-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3632-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download