9644df7248fdad47baf5756f565acb9b8a1a241804bc8a588cbbd9410c591c99

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 04:53

Target

bfe4f0d29282ed16c45511d97d980608.exe
Size

3.9MB
MD5

bfe4f0d29282ed16c45511d97d980608
SHA1

fe20bce50164f5364ca5ace1ffe7058901782058
SHA256

9644df7248fdad47baf5756f565acb9b8a1a241804bc8a588cbbd9410c591c99
SHA512

c5ae7840bb4a87541c8e81029575b0e0a42e12715ece01631a3d2a6b8823173543a08a677b359703393860a0c7b30c391644fad829346382a88af01135fcee1e
SSDEEP

98304:GfoHvnhPo65QHpgg3gnl/IVUt4pJWzZtIygg3gnl/IVUV:F/q6qPgl/iwgWttJgl/iG

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3112	bfe4f0d29282ed16c45511d97d980608.exe

Executes dropped EXE 1 IoCs

pid	Process
3112	bfe4f0d29282ed16c45511d97d980608.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2296-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/3112-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e980-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2296	bfe4f0d29282ed16c45511d97d980608.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2296	bfe4f0d29282ed16c45511d97d980608.exe
3112	bfe4f0d29282ed16c45511d97d980608.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 3112	2296	bfe4f0d29282ed16c45511d97d980608.exe	91
PID 2296 wrote to memory of 3112	2296	bfe4f0d29282ed16c45511d97d980608.exe	91
PID 2296 wrote to memory of 3112	2296	bfe4f0d29282ed16c45511d97d980608.exe	91

C:\Users\Admin\AppData\Local\Temp\bfe4f0d29282ed16c45511d97d980608.exe

Filesize
1.0MB

MD5
b5fd43da52efcb575f6f0367ae35e25d

SHA1
4a634a001647fb07f79a3aa6e4ecb48672ade674

SHA256
9728a9d06493235c7cd44bef1eb483e1d8cda51e9068706982ccd3dab8c19cac

SHA512
c3caf8749733086202b3beedc1febfd856204157b233bbc01a070d116589804201b03da0f363481c05c58a2558455121219db38562f1567501fe64eb0b3dd52d

Download Submit
memory/2296-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2296-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/2296-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2296-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3112-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3112-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3112-16-0x0000000001C70000-0x0000000001DA3000-memory.dmp

Filesize
1.2MB

Download
memory/3112-21-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/3112-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3112-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download