e0e57d7ff8d7c50b667876be027ebeca8b8d4c5251379bb765f0e41b12efd93e

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 05:29

Target

baa1b2c4408de2ffc6fe7f5bec9eaead.exe
Size

3.9MB
MD5

baa1b2c4408de2ffc6fe7f5bec9eaead
SHA1

4dd710af3a1bc15565267339660bb42c31b9f5a2
SHA256

e0e57d7ff8d7c50b667876be027ebeca8b8d4c5251379bb765f0e41b12efd93e
SHA512

36793fe74bea897b4293a060a50f1fdf829c6d1b2b5780c910b271d922ce9a783c3ad861dd676538a8ddc4e48e844c427d40140241ec5cf954ee66cf0e5037c6
SSDEEP

98304:F+s9rk5GBXqVdKgg3gnl/IVUEZboUNabSRZGT1BGgg3gnl/IVUV:7k5GRIdegl/iVZkFbSS1Agl/iG

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2024	baa1b2c4408de2ffc6fe7f5bec9eaead.exe

Executes dropped EXE 1 IoCs

pid	Process
2024	baa1b2c4408de2ffc6fe7f5bec9eaead.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3124-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000002321f-12.dat	upx
behavioral2/memory/2024-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3124	baa1b2c4408de2ffc6fe7f5bec9eaead.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3124	baa1b2c4408de2ffc6fe7f5bec9eaead.exe
2024	baa1b2c4408de2ffc6fe7f5bec9eaead.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 2024	3124	baa1b2c4408de2ffc6fe7f5bec9eaead.exe	89
PID 3124 wrote to memory of 2024	3124	baa1b2c4408de2ffc6fe7f5bec9eaead.exe	89
PID 3124 wrote to memory of 2024	3124	baa1b2c4408de2ffc6fe7f5bec9eaead.exe	89

C:\Users\Admin\AppData\Local\Temp\baa1b2c4408de2ffc6fe7f5bec9eaead.exe

Filesize
2.6MB

MD5
0d83be7e89aad77de7580c866cd8e476

SHA1
24237bf1355a6b1258d55b9142b2a36577563d92

SHA256
e58878e4f96ba4a978a7831042626c08c665dae932fc9a9320eb183a33bd5481

SHA512
9033efe74f543bc59cb31c97cfbbd3081322f22fc8f4108b8040be76bd60cb756074f79caa93a18777b24c640c31dc2a47e57ce5ab246a8f2e7446f363d9257e

Download Submit
memory/2024-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2024-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2024-15-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/2024-20-0x0000000005640000-0x000000000586A000-memory.dmp

Filesize
2.2MB

Download
memory/2024-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2024-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3124-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3124-1-0x0000000001DA0000-0x0000000001ED3000-memory.dmp

Filesize
1.2MB

Download
memory/3124-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3124-11-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download