5f45eafd67a69f292f2abef051204ed531aeb41af96cd9c89c403383c6823459

Analysis

max time kernel
93s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 03:02

Target

bd802f5a6036c0b884eeabbb2cfd7973.exe
Size

2.7MB
MD5

bd802f5a6036c0b884eeabbb2cfd7973
SHA1

0cfe5439721f8f4014b936adc0680e10b742f217
SHA256

5f45eafd67a69f292f2abef051204ed531aeb41af96cd9c89c403383c6823459
SHA512

d4701770fa053bf2e33c0812e54a3a9e458f1758e109202451885adb58f0364d519dad74d18102c0ae28aba8f47b6f9761025690a6e9d020a666fc1b12e6530d
SSDEEP

49152:EznAyE26+GRIeOeaA/ZVQh4fKWwkHkETaYSONmqMQOwBcfp:EjFBLYjO2gh4fKBkHPR7NtvOw2fp

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5108	bd802f5a6036c0b884eeabbb2cfd7973.exe

Executes dropped EXE 1 IoCs

pid	Process
5108	bd802f5a6036c0b884eeabbb2cfd7973.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3736-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023208-11.dat	upx
behavioral2/memory/5108-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3736	bd802f5a6036c0b884eeabbb2cfd7973.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3736	bd802f5a6036c0b884eeabbb2cfd7973.exe
5108	bd802f5a6036c0b884eeabbb2cfd7973.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 5108	3736	bd802f5a6036c0b884eeabbb2cfd7973.exe	86
PID 3736 wrote to memory of 5108	3736	bd802f5a6036c0b884eeabbb2cfd7973.exe	86
PID 3736 wrote to memory of 5108	3736	bd802f5a6036c0b884eeabbb2cfd7973.exe	86

C:\Users\Admin\AppData\Local\Temp\bd802f5a6036c0b884eeabbb2cfd7973.exe

Filesize
2.7MB

MD5
317283fa87f9bd12e798dd76ad3ff055

SHA1
59b4bc416b526896f5c3bc98688936a9e043945e

SHA256
8671073616d8863e1b4b719cce06132f4361f18d9de2e9597190ad72d0d8ffef

SHA512
0a10915e8c9a05a0a3a7147ae8ad52919cf6652426df7ddc78dabf3072da80c6589a5ce4300aeb970c74eeab73b72d226b33fd305a0e5b8ef8ccf7e5b825c1c2

Download Submit
memory/3736-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3736-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3736-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3736-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5108-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5108-15-0x0000000001CF0000-0x0000000001E23000-memory.dmp

Filesize
1.2MB

Download
memory/5108-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5108-21-0x00000000055F0000-0x000000000581A000-memory.dmp

Filesize
2.2MB

Download
memory/5108-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5108-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download