f7437019bb9bc0d87483650a6c4fdf6cae5ce03e353fa76625afbb706415b266

Analysis

max time kernel
167s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 21:57

Target

bce7f536a818ea313d2c76904a0e646f.exe
Size

59KB
MD5

bce7f536a818ea313d2c76904a0e646f
SHA1

c2c255b505789b1caa2ad126ba5b13101eedc030
SHA256

f7437019bb9bc0d87483650a6c4fdf6cae5ce03e353fa76625afbb706415b266
SHA512

160f0a8d2a71b282f3cf06ecfabb94cc9f1c6956774b1b7d5063c0028f90742aa13bef21453d359693de0d7639b87386fa0643b09336ac521dfe39319d1f959b
SSDEEP

1536:5YM9RXi5jLHxtgCS9y9p5T126+aGphZN4QbOl:5Y3RdS9y97T1EhZbb

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4824	bce7f536a818ea313d2c76904a0e646f.exe

Executes dropped EXE 1 IoCs

pid	Process
4824	bce7f536a818ea313d2c76904a0e646f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/216-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x0008000000023212-11.dat	upx
behavioral2/memory/4824-13-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
216	bce7f536a818ea313d2c76904a0e646f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
216	bce7f536a818ea313d2c76904a0e646f.exe
4824	bce7f536a818ea313d2c76904a0e646f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 4824	216	bce7f536a818ea313d2c76904a0e646f.exe	91
PID 216 wrote to memory of 4824	216	bce7f536a818ea313d2c76904a0e646f.exe	91
PID 216 wrote to memory of 4824	216	bce7f536a818ea313d2c76904a0e646f.exe	91

C:\Users\Admin\AppData\Local\Temp\bce7f536a818ea313d2c76904a0e646f.exe

Filesize
59KB

MD5
81d5fd44af54fdc2e4ca57748211366d

SHA1
9723dcc8cd181c4008fe414f35202d7fd03e0239

SHA256
2b7e483777abb7a7bb4820375680a37a4bfc1884c747c4458b89876b145ebbde

SHA512
7263a2d4882440c4d7c6a25d8ddce213e1fde1c576e1f5732ce2d6aba046ad550a70ef9145b44f88014610747a75b01cf3ba5bef3abce366a8b1cac85dc96485

Download Submit
memory/216-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/216-1-0x00000000001C0000-0x00000000001CF000-memory.dmp

Filesize
60KB

Download
memory/216-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/216-12-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4824-13-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4824-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4824-14-0x00000000000C0000-0x00000000000CF000-memory.dmp

Filesize
60KB

Download
memory/4824-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4824-23-0x0000000001480000-0x000000000149D000-memory.dmp

Filesize
116KB

Download
memory/4824-26-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download