4229fec90d8ef553f1dbaa876686f396a10fc2b5bcfaba8d7f643f71acb03c23

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2024 04:51

Target

a842bc63359dc2b98f8805c404c9f284.exe
Size

2.7MB
MD5

a842bc63359dc2b98f8805c404c9f284
SHA1

58c326f4195bd1c96384f236e3fd52090fbd94aa
SHA256

4229fec90d8ef553f1dbaa876686f396a10fc2b5bcfaba8d7f643f71acb03c23
SHA512

eedaf6c3f878a38986ca7f9525536928f6a33c0d43c10fdf018fa7d44fa398b177be54bf267dcb59ac0a22448abe78549a4db85be197302c378595ecee5d4d61
SSDEEP

49152:vMLnJOP465KmPmas/wiVFjvLSXiNDAnbyDA8ZgQt+lJ:vyIP75Kn1wy1vLasqGDsNJ

Score

7^/10

upx

Deletes itself 1 IoCs

Processes:

a842bc63359dc2b98f8805c404c9f284.exe

pid process

976 a842bc63359dc2b98f8805c404c9f284.exe
Executes dropped EXE 1 IoCs

Processes:

a842bc63359dc2b98f8805c404c9f284.exe

pid process

976 a842bc63359dc2b98f8805c404c9f284.exe

pid	process
976	a842bc63359dc2b98f8805c404c9f284.exe

pid	process
976	a842bc63359dc2b98f8805c404c9f284.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2168-0-0x0000000000400000-0x000000000086A000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\a842bc63359dc2b98f8805c404c9f284.exe	upx
behavioral2/memory/976-14-0x0000000000400000-0x000000000086A000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

Processes:

a842bc63359dc2b98f8805c404c9f284.exe

pid process

2168 a842bc63359dc2b98f8805c404c9f284.exe
Suspicious use of UnmapMainImage 2 IoCs

Processes:

a842bc63359dc2b98f8805c404c9f284.exea842bc63359dc2b98f8805c404c9f284.exe

pid process

2168 a842bc63359dc2b98f8805c404c9f284.exe
976 a842bc63359dc2b98f8805c404c9f284.exe

pid	process
2168	a842bc63359dc2b98f8805c404c9f284.exe

pid	process
2168	a842bc63359dc2b98f8805c404c9f284.exe
976	a842bc63359dc2b98f8805c404c9f284.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

a842bc63359dc2b98f8805c404c9f284.exe

description	pid	process	target process
PID 2168 wrote to memory of 976	2168	a842bc63359dc2b98f8805c404c9f284.exe	a842bc63359dc2b98f8805c404c9f284.exe
PID 2168 wrote to memory of 976	2168	a842bc63359dc2b98f8805c404c9f284.exe	a842bc63359dc2b98f8805c404c9f284.exe
PID 2168 wrote to memory of 976	2168	a842bc63359dc2b98f8805c404c9f284.exe	a842bc63359dc2b98f8805c404c9f284.exe

C:\Users\Admin\AppData\Local\Temp\a842bc63359dc2b98f8805c404c9f284.exe
Filesize
2.1MB

MD5
eb229176eff89b7ebee360fd75f1efb6

SHA1
ae619dea9cb1da1d5e72a83e5664cca41e35720b

SHA256
c5c60fc5149db9ef431bd05284d3d51ca35711fed7142c238111de4900d45b44

SHA512
bd247f9b1898a92efed7761e9920bdf765951408f0b27277af2d406dc79e2cc25c54f88aaf755de07030765e499e564a70d743660234bd047c8d01b433127bdb

Download Submit
memory/976-14-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/976-16-0x0000000001BA0000-0x0000000001CB2000-memory.dmp

Filesize
1.1MB

Download
memory/976-15-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/976-23-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2168-0-0x0000000000400000-0x000000000086A000-memory.dmp

Filesize
4.4MB

Download
memory/2168-1-0x0000000001BC0000-0x0000000001CD2000-memory.dmp

Filesize
1.1MB

Download
memory/2168-2-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download
memory/2168-13-0x0000000000400000-0x00000000005F2000-memory.dmp

Filesize
1.9MB

Download