42a13f016cbde5ddb90f7238e67754ca907f26b6879a445c6ea857076d1568a3

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2024 23:07

Target

aa6344a754a7b33cb7c6321f17399866.exe
Size

1.5MB
MD5

aa6344a754a7b33cb7c6321f17399866
SHA1

e18beb647ec5980cf135fa1347521be120b8d5bc
SHA256

42a13f016cbde5ddb90f7238e67754ca907f26b6879a445c6ea857076d1568a3
SHA512

2392894c09d2c1f92d2f784d5b33e47c01bccb4c3a6c42fa35ac511ced2044b2ea0e6ba9ec7a6e368a5b1b30b8e2477debf066f31e3b56826391fea4b5339eb2
SSDEEP

24576:LbE44peVPN7TXxtXhGxUC33/QBiuQMle3nBnAQXo02hW:HbF3vXxtXhGd3ozQMsU02h

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4448	aa6344a754a7b33cb7c6321f17399866.exe

Executes dropped EXE 1 IoCs

pid	Process
4448	aa6344a754a7b33cb7c6321f17399866.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5100-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0004000000022747-12.dat	upx
behavioral2/memory/4448-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5100	aa6344a754a7b33cb7c6321f17399866.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5100	aa6344a754a7b33cb7c6321f17399866.exe
4448	aa6344a754a7b33cb7c6321f17399866.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 4448	5100	aa6344a754a7b33cb7c6321f17399866.exe	86
PID 5100 wrote to memory of 4448	5100	aa6344a754a7b33cb7c6321f17399866.exe	86
PID 5100 wrote to memory of 4448	5100	aa6344a754a7b33cb7c6321f17399866.exe	86

C:\Users\Admin\AppData\Local\Temp\aa6344a754a7b33cb7c6321f17399866.exe

Filesize
1.5MB

MD5
1fe471c96bfa72455c28f68a3547d51c

SHA1
0bd8df31e1674d78e3436a251842493d854a5bb8

SHA256
cab8239ceeeec7a7ad1ea8cc5b0642f160b56589f1edf9eb308108239556e99b

SHA512
755d79ad00cf3215ce231fbf82a2501f0e9f148cae138c00b77910bbd94ea5039214bf1d0b94bed7b358e726695f1bb70aedeb8486045e4441b83d2e47cb74b9

Download Submit
memory/4448-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4448-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4448-16-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/4448-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4448-22-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/4448-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5100-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5100-1-0x0000000001D30000-0x0000000001E63000-memory.dmp

Filesize
1.2MB

Download
memory/5100-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5100-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download