df2e007875871660b196abeedca30db0920c6801fd77b73bf8f1f4ce8f82945b

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 11:43

Target

b49eff2810e069bbf5d8edce8f48257a.exe
Size

1.3MB
MD5

b49eff2810e069bbf5d8edce8f48257a
SHA1

83cc7b12f44aa5339bbbfa34fef84a1b5ee0a54a
SHA256

df2e007875871660b196abeedca30db0920c6801fd77b73bf8f1f4ce8f82945b
SHA512

ebcc5ec1f525a2e4ff3cf1c26da24f6cd8dfb16e07f9de3572615f35f4897ed4c4c3804532950af7d4ea079452b8ead6735e57aa28b5c80276b40c3e94d5f0fb
SSDEEP

24576:UX14C+VtOWIv9mqwkMeltenBmpCnsJX9hJCPK3uI7gP1zx3socWc:lttToQqwdelgB6ke60uI7g9mocp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4608	b49eff2810e069bbf5d8edce8f48257a.exe

Executes dropped EXE 1 IoCs

pid	Process
4608	b49eff2810e069bbf5d8edce8f48257a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3176-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0004000000022747-11.dat	upx
behavioral2/memory/4608-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3176	b49eff2810e069bbf5d8edce8f48257a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3176	b49eff2810e069bbf5d8edce8f48257a.exe
4608	b49eff2810e069bbf5d8edce8f48257a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 4608	3176	b49eff2810e069bbf5d8edce8f48257a.exe	87
PID 3176 wrote to memory of 4608	3176	b49eff2810e069bbf5d8edce8f48257a.exe	87
PID 3176 wrote to memory of 4608	3176	b49eff2810e069bbf5d8edce8f48257a.exe	87

C:\Users\Admin\AppData\Local\Temp\b49eff2810e069bbf5d8edce8f48257a.exe

Filesize
1.3MB

MD5
54bccc81512655103772db786a70c604

SHA1
1c0ef2ea0cbf4e59249f619669a8d7fa9d7023f3

SHA256
2c4c7f670eb0bb8f7f4b7404ace06cad3c0bd1273d00eec6f4663f05030b5bb6

SHA512
fb123be6c398f8e124fdebb7fcd8975bcbeebbdedee516aad6437337bb83809d42c5e59f9e39a871527431902d6a98fbbf2f18d9174f9c1894c61fb39ce23038

Download Submit
memory/3176-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3176-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3176-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3176-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4608-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4608-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4608-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4608-20-0x0000000005540000-0x000000000576A000-memory.dmp

Filesize
2.2MB

Download
memory/4608-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4608-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download