ddf78e30605e31fa01e0a0368c7615e9f4e2181f94e85633f597424c3ed78872

Analysis

max time kernel
93s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 00:57

Target

ad4a514d2475ccbafe6872e566dc1fd2.exe
Size

5.8MB
MD5

ad4a514d2475ccbafe6872e566dc1fd2
SHA1

853ae9abb439f739581cb8dfce804bae7f4d5d0b
SHA256

ddf78e30605e31fa01e0a0368c7615e9f4e2181f94e85633f597424c3ed78872
SHA512

ed40f9c366dcbc516c6d86f88cf5c4ef407d7f586f70e7de6ae013d79d9d3b964e327410074371706a6d88c695cd174deb89acbbb5c6487975ce4f5173baff6f
SSDEEP

98304:23GOwc0jEZiGQZaXhP5a9UEI+eG9jAkbkR79D+cVItGQZaXhP5a9UEI+eG:2WOwnj28GhRaaCkN9qHGhRa

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1676	ad4a514d2475ccbafe6872e566dc1fd2.exe

Executes dropped EXE 1 IoCs

pid	Process
1676	ad4a514d2475ccbafe6872e566dc1fd2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1452-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000001e59e-11.dat	upx
behavioral2/memory/1676-12-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1452	ad4a514d2475ccbafe6872e566dc1fd2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1452	ad4a514d2475ccbafe6872e566dc1fd2.exe
1676	ad4a514d2475ccbafe6872e566dc1fd2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1452 wrote to memory of 1676	1452	ad4a514d2475ccbafe6872e566dc1fd2.exe	87
PID 1452 wrote to memory of 1676	1452	ad4a514d2475ccbafe6872e566dc1fd2.exe	87
PID 1452 wrote to memory of 1676	1452	ad4a514d2475ccbafe6872e566dc1fd2.exe	87

C:\Users\Admin\AppData\Local\Temp\ad4a514d2475ccbafe6872e566dc1fd2.exe

Filesize
1.7MB

MD5
eda31f22b69864c008f92896f843c87b

SHA1
4f2a4d3a09f189793bda6ce8eef5e5d02519fd47

SHA256
3ed195ceca5cf9c7a4c8ddafd7335403a26806e380ee110054b26aa9ca49e91f

SHA512
721e92df5278e3925fee654f2df23bf5a67e5191b4372ddf715441482aac3431e09e54f012a4c77cf25f6c5e160e9670937e609837c95c8fa3d0dee1256cd64d

Download Submit
memory/1452-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1452-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1452-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1452-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1676-14-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/1676-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1676-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1676-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1676-22-0x0000000005620000-0x000000000584A000-memory.dmp

Filesize
2.2MB

Download
memory/1676-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download