cd9503b3c4ea5398c0d3dc000cd58fa578bd426fc9fd5901eac6930d365e95ef

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 00:25

Target

aa88872bc0454dfc95e9afc41e7f55f7.exe
Size

5.8MB
MD5

aa88872bc0454dfc95e9afc41e7f55f7
SHA1

d2044a474dff36dfff8f96bf246597842f4368f6
SHA256

cd9503b3c4ea5398c0d3dc000cd58fa578bd426fc9fd5901eac6930d365e95ef
SHA512

902f4f12bb28846eee75cd3f3cfdbb3d5b6899978ea7eb7fbef5cfe618325ca4313d2dd89b1ab811c54f2856dcef7b3e94cd9729137a7d202c67b249c4dd63c2
SSDEEP

98304:nphWFakGET3TDFJ7QpIpZyprGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5C:p5lEz1vbyppGhRaaCkN9qHGhRa

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2280	aa88872bc0454dfc95e9afc41e7f55f7.exe

Executes dropped EXE 1 IoCs

pid	Process
2280	aa88872bc0454dfc95e9afc41e7f55f7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5284-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000001e59e-11.dat	upx
behavioral2/memory/2280-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5284	aa88872bc0454dfc95e9afc41e7f55f7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5284	aa88872bc0454dfc95e9afc41e7f55f7.exe
2280	aa88872bc0454dfc95e9afc41e7f55f7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5284 wrote to memory of 2280	5284	aa88872bc0454dfc95e9afc41e7f55f7.exe	87
PID 5284 wrote to memory of 2280	5284	aa88872bc0454dfc95e9afc41e7f55f7.exe	87
PID 5284 wrote to memory of 2280	5284	aa88872bc0454dfc95e9afc41e7f55f7.exe	87

C:\Users\Admin\AppData\Local\Temp\aa88872bc0454dfc95e9afc41e7f55f7.exe

Filesize
5.8MB

MD5
47ab2a3c1ec6b16126ac6dd76fed9f2a

SHA1
5ea598ffef692be42e62a3f2a6f71c0bf20a9506

SHA256
17a875f4c0804c829d007036163f8c8d3e8f56a9c6f1a71a56d88357c9784ba5

SHA512
e33a9faf0121dc4a12da3360ddaedd9acce7f54b6d661b88743d2afa60151b6ba723f24cf2afef15b51c767c563b6e9f52ae32abb8d0cab372fc89119b8965f9

Download Submit
memory/2280-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2280-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2280-15-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/2280-20-0x0000000005650000-0x000000000587A000-memory.dmp

Filesize
2.2MB

Download
memory/2280-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2280-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5284-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5284-1-0x0000000001CE0000-0x0000000001E13000-memory.dmp

Filesize
1.2MB

Download
memory/5284-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5284-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download