e157b420557c7faea80fcccc670330e5bd7ad22a482670421284f4e11975aab8

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 17:28

Target

a9bddf102fefd9f881b7f443329b5b19.exe
Size

2.9MB
MD5

a9bddf102fefd9f881b7f443329b5b19
SHA1

3c96b9d854a3cb2280f342e24ddc4fbf5d96c466
SHA256

e157b420557c7faea80fcccc670330e5bd7ad22a482670421284f4e11975aab8
SHA512

709f010f6240b47ed79edcf594a56a2b8c2c220288089fc589e586a6ca73e18acf6b3a3afb0e3b16b9f705b5855b15af343d39d3eee3de89ceac1168f66d29e7
SSDEEP

49152:JF5WC7UQvSH9o/cnP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:t7pSdAcngg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2524	a9bddf102fefd9f881b7f443329b5b19.exe

Executes dropped EXE 1 IoCs

pid	Process
2524	a9bddf102fefd9f881b7f443329b5b19.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3552-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000200000001f656-11.dat	upx
behavioral2/memory/2524-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3552	a9bddf102fefd9f881b7f443329b5b19.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3552	a9bddf102fefd9f881b7f443329b5b19.exe
2524	a9bddf102fefd9f881b7f443329b5b19.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3552 wrote to memory of 2524	3552	a9bddf102fefd9f881b7f443329b5b19.exe	87
PID 3552 wrote to memory of 2524	3552	a9bddf102fefd9f881b7f443329b5b19.exe	87
PID 3552 wrote to memory of 2524	3552	a9bddf102fefd9f881b7f443329b5b19.exe	87

C:\Users\Admin\AppData\Local\Temp\a9bddf102fefd9f881b7f443329b5b19.exe

Filesize
2.9MB

MD5
ec128e86c7891369944734cbe523a7c1

SHA1
7a92eafc816e9c626be55f589bb54000a58b4fac

SHA256
2e77b6945588f659c5f7d36d6f4feb6dff877e91414556429cce979fd5df7ff6

SHA512
23bf1a81e6c792d26ade16de0de4332520a13ce10170a75e820cd86a2e1e87d6aea371623cb6cee8a4f900d2fd88163cd1a7ed753bcc9b65e84cca9ca47a3a97

Download Submit
memory/2524-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2524-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2524-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2524-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2524-21-0x0000000005700000-0x000000000592A000-memory.dmp

Filesize
2.2MB

Download
memory/2524-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3552-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3552-1-0x0000000001C30000-0x0000000001D63000-memory.dmp

Filesize
1.2MB

Download
memory/3552-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3552-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download