2ae7a48bcf7930076298cd9a181de3bc83effe79699eea4e17cac316ec02dd25

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 16:31

Target

bf13a6c376b5a1496e188dd07a47dfbe.exe
Size

1.3MB
MD5

bf13a6c376b5a1496e188dd07a47dfbe
SHA1

4fb44812189a6a7685437de91361482c5fd469ed
SHA256

2ae7a48bcf7930076298cd9a181de3bc83effe79699eea4e17cac316ec02dd25
SHA512

a48ef8c77bb1ffb026666eed717b72a074254481cfd7833d0fa9c9176c0d6659689f16e9b2c3af3b0daad4f51bc12c570474a1885655811cfe7d03dda10576e5
SSDEEP

24576:zE3BsSSdWQXZgzGdhH7nmNmZtr+HObuHzrzNSqOUbXXBVgePcNUd09dEU9/9Us:zE3iBdWQXukJmN0eOizrzYkLxp0R9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1612	bf13a6c376b5a1496e188dd07a47dfbe.exe

Executes dropped EXE 1 IoCs

pid	Process
1612	bf13a6c376b5a1496e188dd07a47dfbe.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2112-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000700000001e59e-11.dat	upx
behavioral2/memory/1612-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2112	bf13a6c376b5a1496e188dd07a47dfbe.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2112	bf13a6c376b5a1496e188dd07a47dfbe.exe
1612	bf13a6c376b5a1496e188dd07a47dfbe.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 1612	2112	bf13a6c376b5a1496e188dd07a47dfbe.exe	88
PID 2112 wrote to memory of 1612	2112	bf13a6c376b5a1496e188dd07a47dfbe.exe	88
PID 2112 wrote to memory of 1612	2112	bf13a6c376b5a1496e188dd07a47dfbe.exe	88

C:\Users\Admin\AppData\Local\Temp\bf13a6c376b5a1496e188dd07a47dfbe.exe

Filesize
1.3MB

MD5
5df50e9840687018919753aa39ce7b2d

SHA1
478f5389e897bc0cb1f87ad225b16e7aa6da10b1

SHA256
0cd004294f8ba5cc37a7c81fc144a52536273fe7253fe3f54724fa9b8c4598e2

SHA512
c8638dc9a862ad5ef6b83ceba0428754d555812598f500d007c43ea28d3e8f54449816b9aeac4349caf2473d47a21b53ef3eb327a79f497baa8a66ee04dcbf89

Download Submit
memory/1612-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1612-14-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1612-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1612-20-0x00000000055D0000-0x00000000057F2000-memory.dmp

Filesize
2.1MB

Download
memory/1612-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1612-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2112-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2112-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2112-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2112-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download