c7859936d11021ebd81407be66bd84ec3d20e67feaf7999836117190684d2a23

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 16:53

Target

b9316e5c145b0b0d1a59636d9cfa885e.exe
Size

1.5MB
MD5

b9316e5c145b0b0d1a59636d9cfa885e
SHA1

f1e384374ae3703f2ed94e189b005d31d966923b
SHA256

c7859936d11021ebd81407be66bd84ec3d20e67feaf7999836117190684d2a23
SHA512

fe7b6dc5dbe5c03e05d2a4194225324bd60ab393fe12d68b07af5f5e86e464aa7bb0c8f8d69abfcc5f80840b83269f6d3491dfaf75612979da03d49b452dc145
SSDEEP

24576:XNFBZWwNacWLMKq+X7FjKL4xfnXtdiBIpToyvgHykQW:XbO3Lbq+4QPty+kykQ

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1132	b9316e5c145b0b0d1a59636d9cfa885e.exe

Executes dropped EXE 1 IoCs

pid	Process
1132	b9316e5c145b0b0d1a59636d9cfa885e.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4088-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e980-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4088	b9316e5c145b0b0d1a59636d9cfa885e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4088	b9316e5c145b0b0d1a59636d9cfa885e.exe
1132	b9316e5c145b0b0d1a59636d9cfa885e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 1132	4088	b9316e5c145b0b0d1a59636d9cfa885e.exe	87
PID 4088 wrote to memory of 1132	4088	b9316e5c145b0b0d1a59636d9cfa885e.exe	87
PID 4088 wrote to memory of 1132	4088	b9316e5c145b0b0d1a59636d9cfa885e.exe	87

C:\Users\Admin\AppData\Local\Temp\b9316e5c145b0b0d1a59636d9cfa885e.exe

Filesize
1.5MB

MD5
29870dd3cd58fa5abcc3195a2d099c03

SHA1
3819bf7cbaa7164ed0a0654b208d8b1b0c95a6e2

SHA256
23cf6af3c09cbb314404c0692ec43499b23badf889f42d82e82aea5323e7d3a8

SHA512
c9227af909fc4fbbdd2dc605710db238f810749b76562ce4e6eadd2c57a6a3354a8e71e5e07210a4930ea532a78811305ebbd13af8d38bc6a9adb540d9d45cc0

Download Submit
memory/1132-13-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1132-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1132-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1132-20-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/1132-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1132-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4088-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4088-1-0x0000000001DF0000-0x0000000001F23000-memory.dmp

Filesize
1.2MB

Download
memory/4088-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4088-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download