9425565c1c89b1dda680906e4d4454dc1c5201c402046a53ff1a669a91abdf4e

Analysis

max time kernel
148s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 23:40

Target

b5f39df2d1b5863c76b031b8ad046287.exe
Size

1.5MB
MD5

b5f39df2d1b5863c76b031b8ad046287
SHA1

af30e22670423e4cf2a0c337b7525b15142801e0
SHA256

9425565c1c89b1dda680906e4d4454dc1c5201c402046a53ff1a669a91abdf4e
SHA512

fbb426df15ecab475402e6e69d683f90e3facaeced877b51b702be6b613ae1ec61e48d14506cd60a393802cf8385e1e8c21d49a01ca86c34043f9c91e8fbb937
SSDEEP

24576:YO7oouzuacf4xq6vYEDxgBfeRSWno5exPdgH4aRW:p7duzulQx/vbDxwfIXoAxFHI

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1172	b5f39df2d1b5863c76b031b8ad046287.exe

Executes dropped EXE 1 IoCs

pid	Process
1172	b5f39df2d1b5863c76b031b8ad046287.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3104-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000900000002321f-11.dat	upx
behavioral2/memory/1172-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3104	b5f39df2d1b5863c76b031b8ad046287.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3104	b5f39df2d1b5863c76b031b8ad046287.exe
1172	b5f39df2d1b5863c76b031b8ad046287.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 1172	3104	b5f39df2d1b5863c76b031b8ad046287.exe	87
PID 3104 wrote to memory of 1172	3104	b5f39df2d1b5863c76b031b8ad046287.exe	87
PID 3104 wrote to memory of 1172	3104	b5f39df2d1b5863c76b031b8ad046287.exe	87

C:\Users\Admin\AppData\Local\Temp\b5f39df2d1b5863c76b031b8ad046287.exe

Filesize
1.5MB

MD5
4ddb6d5c78e4c5b20d6f5711a6194211

SHA1
d3fed50743d3f487c29d9c0483650da8db0f46ba

SHA256
6241b5cc2dee1ca2a4a4fc7c6997da88237f150753f22b46d2dfc2230c077d49

SHA512
92bd5b461176e564b2d4970668d760f06b8dfcda3bf4023620e973f715db0b2f647aa0f9297eab960286c29316cbd7189f27bd7f507a48c6e71217f1b361e1f8

Download Submit
memory/1172-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1172-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1172-15-0x0000000001C90000-0x0000000001DC3000-memory.dmp

Filesize
1.2MB

Download
memory/1172-20-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/1172-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1172-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3104-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3104-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3104-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3104-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download