76d6d25f890ec17ee67f5524cc46a6e4ef2aed36ac4785b95611459716b4fb3f

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 04:33

Target

b6843c3c13f4f2c00e6bf522f2ea4b5d.exe
Size

1.5MB
MD5

b6843c3c13f4f2c00e6bf522f2ea4b5d
SHA1

866fec16e4d9ba922f08e6739c6fdb85043fe0d1
SHA256

76d6d25f890ec17ee67f5524cc46a6e4ef2aed36ac4785b95611459716b4fb3f
SHA512

61f398309aaa7415c2ec24364d03e530d33c7d796bd2a491d9aecb72ef04305b9570fc6aedb3585b7b021e86854936a28fddf206ade13e7b0e7c81bd0fbb5ee7
SSDEEP

24576:Eithluy41m4ey5F5rmZEP3J9O6idQbNuJV9fkhmfZskWW:TM91RrT405bNuJV99PW

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
372	b6843c3c13f4f2c00e6bf522f2ea4b5d.exe

Executes dropped EXE 1 IoCs

pid	Process
372	b6843c3c13f4f2c00e6bf522f2ea4b5d.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4568-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0004000000022747-11.dat	upx
behavioral2/memory/372-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4568	b6843c3c13f4f2c00e6bf522f2ea4b5d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4568	b6843c3c13f4f2c00e6bf522f2ea4b5d.exe
372	b6843c3c13f4f2c00e6bf522f2ea4b5d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 372	4568	b6843c3c13f4f2c00e6bf522f2ea4b5d.exe	88
PID 4568 wrote to memory of 372	4568	b6843c3c13f4f2c00e6bf522f2ea4b5d.exe	88
PID 4568 wrote to memory of 372	4568	b6843c3c13f4f2c00e6bf522f2ea4b5d.exe	88

C:\Users\Admin\AppData\Local\Temp\b6843c3c13f4f2c00e6bf522f2ea4b5d.exe

Filesize
256KB

MD5
07a230623f85ea29c0e526fd5ea2e167

SHA1
09127fc52fcfacc14c5ecaa759b45aaed44c4915

SHA256
3d5ba2098d433e40685260c6cf42bd14175e8ae856afb683a69f46f32eed5d60

SHA512
de1bfa79aea1a05ba084ef25fb0885b99d104cc481647ccc3170b5d977a9d939efd2a6025a5e181a23e026f4cac456240461e27bd5153bbebe0a1b2faa002d59

Download Submit
memory/372-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/372-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/372-14-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/372-21-0x0000000005600000-0x000000000582A000-memory.dmp

Filesize
2.2MB

Download
memory/372-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/372-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4568-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4568-1-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

Filesize
1.2MB

Download
memory/4568-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4568-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download