a20af895511ed2bd5a4f3b582479d864345df1d484b2918fa33361bc19f1b3a8

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 04:10

Target

aaf8c30b6b8aac10cbdf4e91e2339615.exe
Size

2.7MB
MD5

aaf8c30b6b8aac10cbdf4e91e2339615
SHA1

8be90121e2aa03e2ad55ef1cf1067602c527d2a8
SHA256

a20af895511ed2bd5a4f3b582479d864345df1d484b2918fa33361bc19f1b3a8
SHA512

8da599c4329dfe584b3b66fa5f0b4235cf63da63a6e81fcedc317e732d22bd1b66bb75c0e5a45a7b1a88d5b2ec70168b6bf109dca1d7a68edc47a0e654473d94
SSDEEP

49152:VbANagjK/lo3NVliaxpMJA6m4El72W/vKbb//0Sw6j7CSwzBNTyMcp:VbYaNN8Vpx+JA6m4EMWabb//0SFj7Xw8

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3584	aaf8c30b6b8aac10cbdf4e91e2339615.exe

Executes dropped EXE 1 IoCs

pid	Process
3584	aaf8c30b6b8aac10cbdf4e91e2339615.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2576-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023227-11.dat	upx
behavioral2/memory/3584-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2576	aaf8c30b6b8aac10cbdf4e91e2339615.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2576	aaf8c30b6b8aac10cbdf4e91e2339615.exe
3584	aaf8c30b6b8aac10cbdf4e91e2339615.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 3584	2576	aaf8c30b6b8aac10cbdf4e91e2339615.exe	88
PID 2576 wrote to memory of 3584	2576	aaf8c30b6b8aac10cbdf4e91e2339615.exe	88
PID 2576 wrote to memory of 3584	2576	aaf8c30b6b8aac10cbdf4e91e2339615.exe	88

C:\Users\Admin\AppData\Local\Temp\aaf8c30b6b8aac10cbdf4e91e2339615.exe

Filesize
2.7MB

MD5
3d49173bb2cae9feb70fae5128328c4b

SHA1
5991ae617e27cd85b21934afb906a6687154b346

SHA256
86dc84108cc717e2d29c48763d272f19406aa13f35d48aa5d6c79def5bdf30a0

SHA512
d70521d64c7744fff9c0a56d90e1607156f5568f8fb3882a46028d444204dc1bcaaecfb2780699bec8f097cabdb45eda2f8252d03a0d7af30f0c27b1840c8c36

Download Submit
memory/2576-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2576-1-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/2576-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2576-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3584-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3584-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3584-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3584-21-0x0000000005550000-0x000000000577A000-memory.dmp

Filesize
2.2MB

Download
memory/3584-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3584-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download