a9735e725175a2401ac575de1b9642e97857568e1daf07033ebb02d9e02fd8dd

Analysis

max time kernel
136s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 16:22

Target

c10b3a1eff3a14cc8a4d4b599c98f30e.exe
Size

5.3MB
MD5

c10b3a1eff3a14cc8a4d4b599c98f30e
SHA1

b425a25528a1e68f02971c5f1d6458483e82991d
SHA256

a9735e725175a2401ac575de1b9642e97857568e1daf07033ebb02d9e02fd8dd
SHA512

4b08c1018bfd509ef1eba41ea0d706132f06bd24ead78303d88f1817c3318265413205ba498a663b3c6b79b3cfe6a7221a8fd8ca70a634e69c473637d08f6958
SSDEEP

98304:yFTQglsIcFdHHktBcwQDM2YIDULHXq43yNDfHktBcwQDM2YIDULHt:qcgl4FdHschDHIaP1fschDHIN

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2448	c10b3a1eff3a14cc8a4d4b599c98f30e.exe

Executes dropped EXE 1 IoCs

pid	Process
2448	c10b3a1eff3a14cc8a4d4b599c98f30e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3924-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000e000000023131-12.dat	upx
behavioral2/memory/2448-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3924	c10b3a1eff3a14cc8a4d4b599c98f30e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3924	c10b3a1eff3a14cc8a4d4b599c98f30e.exe
2448	c10b3a1eff3a14cc8a4d4b599c98f30e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3924 wrote to memory of 2448	3924	c10b3a1eff3a14cc8a4d4b599c98f30e.exe	89
PID 3924 wrote to memory of 2448	3924	c10b3a1eff3a14cc8a4d4b599c98f30e.exe	89
PID 3924 wrote to memory of 2448	3924	c10b3a1eff3a14cc8a4d4b599c98f30e.exe	89

C:\Users\Admin\AppData\Local\Temp\c10b3a1eff3a14cc8a4d4b599c98f30e.exe

Filesize
5.3MB

MD5
0e0ea4551051b7726639f3a26599345b

SHA1
09e990c67c0176fc0effbf3d91f9cd732a296e64

SHA256
6c8aa361ecf925b4161751cf150c0a56bd352a43531885e68e1b869f444198a3

SHA512
2b3fbb333d54641330630dabd96ba047042b4aed047c92f36fe0f820102c930dc3c8e05a01fe8f03f7e67029baa777c5643715b358b4e39efde4b49d49237f55

Download Submit
memory/2448-16-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2448-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2448-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2448-21-0x0000000005680000-0x00000000058A2000-memory.dmp

Filesize
2.1MB

Download
memory/2448-22-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2448-29-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3924-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3924-1-0x0000000001BE0000-0x0000000001D11000-memory.dmp

Filesize
1.2MB

Download
memory/3924-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3924-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download