20ccce0ba6a24255c6783a54e9f7ccbbbc89f2fbd11111ef19f31a52dcc54eeb

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 13:41

Target

b789ec35515287aac8ee1ac6c17fb6eb.exe
Size

1.3MB
MD5

b789ec35515287aac8ee1ac6c17fb6eb
SHA1

299f62d04e01b12901eee66bfa46b0f8294a7595
SHA256

20ccce0ba6a24255c6783a54e9f7ccbbbc89f2fbd11111ef19f31a52dcc54eeb
SHA512

7b23ffe58de7ecaa69f90a22ec3a0a2a48da68e9cbf3fbf866ed8b0dde0473b5bfc8255391047f8c1e5c8ab8b7435ed4e134456b5863e460a38bccbb29d8cc27
SSDEEP

24576:4i2q4fMGfxK/XFyxZpoYfS9VkkvoZs8nCcewS+rSLJ3xd7tVWWO:qfMGo/XFW+YgJqeTL1xd7tkf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1420	b789ec35515287aac8ee1ac6c17fb6eb.exe

Executes dropped EXE 1 IoCs

pid	Process
1420	b789ec35515287aac8ee1ac6c17fb6eb.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1480-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001e9a0-11.dat	upx
behavioral2/memory/1420-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1480	b789ec35515287aac8ee1ac6c17fb6eb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1480	b789ec35515287aac8ee1ac6c17fb6eb.exe
1420	b789ec35515287aac8ee1ac6c17fb6eb.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 1420	1480	b789ec35515287aac8ee1ac6c17fb6eb.exe	89
PID 1480 wrote to memory of 1420	1480	b789ec35515287aac8ee1ac6c17fb6eb.exe	89
PID 1480 wrote to memory of 1420	1480	b789ec35515287aac8ee1ac6c17fb6eb.exe	89

C:\Users\Admin\AppData\Local\Temp\b789ec35515287aac8ee1ac6c17fb6eb.exe

Filesize
1.3MB

MD5
a9ffddc7ef3d9b63c4dbb3756490e247

SHA1
40c2092035013f311629d0714c44d9375f91d6c1

SHA256
6fd7e70bd1aa212626ea9d038c607214647cb1a3bc0168cd9b839b8662d07d3e

SHA512
0867e72dc9f59e1ea8250eff5a0edd9616735b06b5e60da2405356a0ef82f712272cab6a1a92ec79fb496cc7b5ebaa6b77348db3e54bcf8d2418ee195d2e4bfe

Download Submit
memory/1420-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1420-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1420-16-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/1420-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1420-21-0x0000000005640000-0x000000000586A000-memory.dmp

Filesize
2.2MB

Download
memory/1420-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1480-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1480-1-0x0000000001DF0000-0x0000000001F23000-memory.dmp

Filesize
1.2MB

Download
memory/1480-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1480-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download