48b0d3bc71592e7e600d4abb8ea8e08a6f104cb7cc22f0ee0c0ffa220ce5beb7

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 01:27

Target

bf7b5728be68db045bc7f5e6843a0cc1.exe
Size

1.5MB
MD5

bf7b5728be68db045bc7f5e6843a0cc1
SHA1

ae7b0d34fe8845f01458c5d8699f168ef2c0e30a
SHA256

48b0d3bc71592e7e600d4abb8ea8e08a6f104cb7cc22f0ee0c0ffa220ce5beb7
SHA512

fcd282e966239b645efb6be8b0d778066791860f2cbdce6a4990846fce59b709011cbc1f477467cab5cb10714780c39df30aabf2a6e44c483e0e9a0bd2f57d4d
SSDEEP

24576:OiKDymylI32onbAG3D4TQa0YLRm+6m3+jH5SYMxmKX6nTXBTW:day8mon5MTQ5Ytj6+EHfMAlnTXBT

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3752	bf7b5728be68db045bc7f5e6843a0cc1.exe

Executes dropped EXE 1 IoCs

pid	Process
3752	bf7b5728be68db045bc7f5e6843a0cc1.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4864-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023209-11.dat	upx
behavioral2/memory/3752-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4864	bf7b5728be68db045bc7f5e6843a0cc1.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4864	bf7b5728be68db045bc7f5e6843a0cc1.exe
3752	bf7b5728be68db045bc7f5e6843a0cc1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 3752	4864	bf7b5728be68db045bc7f5e6843a0cc1.exe	90
PID 4864 wrote to memory of 3752	4864	bf7b5728be68db045bc7f5e6843a0cc1.exe	90
PID 4864 wrote to memory of 3752	4864	bf7b5728be68db045bc7f5e6843a0cc1.exe	90

C:\Users\Admin\AppData\Local\Temp\bf7b5728be68db045bc7f5e6843a0cc1.exe

Filesize
192KB

MD5
3510dff2c654bc53f4a0f0a11c6dce65

SHA1
27003a8dd549bd31ecee3d522d1c4623ee1b1f6c

SHA256
363c8e2fbf69d4f669982cfeda3107ad6cc4ce09fb92ece253c7f4877c7b6e03

SHA512
6661e891b71e4d44d7daf222b73aea247b99b909f534cb7652f8606af5fd8ef2cb97bf42071f0e028ee2a38165826763a76c640cdadba6f74ae78e786e18266d

Download Submit
memory/3752-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3752-14-0x0000000001D40000-0x0000000001E73000-memory.dmp

Filesize
1.2MB

Download
memory/3752-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3752-20-0x0000000005640000-0x000000000586A000-memory.dmp

Filesize
2.2MB

Download
memory/3752-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3752-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4864-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4864-1-0x0000000001D30000-0x0000000001E63000-memory.dmp

Filesize
1.2MB

Download
memory/4864-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4864-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download