fb0cbdb972cadfc93d73e29f52393295b891651b39f3d543344cff3a2cc059d2

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 20:53

Target

b82a0e42b0eb0678a07caaf7a0d0a080.exe
Size

59KB
MD5

b82a0e42b0eb0678a07caaf7a0d0a080
SHA1

89fb159e755fc102256e364c3f8f38e38a777cb0
SHA256

fb0cbdb972cadfc93d73e29f52393295b891651b39f3d543344cff3a2cc059d2
SHA512

cbc3d26f4cb5452e48691c41e1a4c030e4e76d85fbf397c016fcbc8396383a1a37933a27083de6820d07bfe4d3f524367510bcaa6992bcfdc676a4414099480c
SSDEEP

1536:qfDn0YhvSI0PL2ItwJ/EoLM39pr1qb122j+ObJa:gn0YZPQ2ItwJ/a7w122lbM

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1964	b82a0e42b0eb0678a07caaf7a0d0a080.exe

Executes dropped EXE 1 IoCs

pid	Process
1964	b82a0e42b0eb0678a07caaf7a0d0a080.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2844-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x000400000001e5eb-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2844	b82a0e42b0eb0678a07caaf7a0d0a080.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2844	b82a0e42b0eb0678a07caaf7a0d0a080.exe
1964	b82a0e42b0eb0678a07caaf7a0d0a080.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 1964	2844	b82a0e42b0eb0678a07caaf7a0d0a080.exe	90
PID 2844 wrote to memory of 1964	2844	b82a0e42b0eb0678a07caaf7a0d0a080.exe	90
PID 2844 wrote to memory of 1964	2844	b82a0e42b0eb0678a07caaf7a0d0a080.exe	90

C:\Users\Admin\AppData\Local\Temp\b82a0e42b0eb0678a07caaf7a0d0a080.exe

Filesize
59KB

MD5
ce61d2762798184b1abf4d8a4a209e04

SHA1
4e1323bbe53727e24155968d91dd93f07e9399c8

SHA256
0c09031a58e1813710c8df5b5915888cb8b4cceca8d7198e24d3d611a2eed730

SHA512
4375d4fc8ebf2a1334ce3bff90dab1d3b937f17470d47e72a252c117691491eeabdf62b3408388401273ec803b661d32bac9b2b4809eb8cffb435e7a988eb4f9

Download Submit
memory/1964-13-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1964-14-0x0000000000190000-0x000000000019F000-memory.dmp

Filesize
60KB

Download
memory/1964-16-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1964-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/1964-23-0x00000000015B0000-0x00000000015CD000-memory.dmp

Filesize
116KB

Download
memory/1964-26-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2844-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2844-1-0x00000000000E0000-0x00000000000EF000-memory.dmp

Filesize
60KB

Download
memory/2844-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2844-12-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download