a5e6cef0100b016ada33f9a543643d2f7f67652f87ecd3681bb194ffe9bf5c22

Analysis

max time kernel
90s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 12:14

Target

c3582b05c1ee2ef091cb1b9e0d4235a6.exe
Size

2.7MB
MD5

c3582b05c1ee2ef091cb1b9e0d4235a6
SHA1

f1d7b2cf142b99608870561be5996c61be06e30f
SHA256

a5e6cef0100b016ada33f9a543643d2f7f67652f87ecd3681bb194ffe9bf5c22
SHA512

300b0214df0f93b0614f31a37571700cd989ba2b68817fe2a7778bd152b8964201614242c5e23d662f042b5bbf98056fc6fb3b23182f738d4a7731bb2b840788
SSDEEP

49152:UlSJVlG5MyeY1X7aMJxWRCdIVxSN+CMt4El72W/vKbb//0Sw6j7CSwzBNTyMcp:UwK5MzY1LakWQixSNLMt4EMWabb//0Sn

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
468	c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Executes dropped EXE 1 IoCs

pid	Process
468	c3582b05c1ee2ef091cb1b9e0d4235a6.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4712-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000f000000023163-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4712	c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4712	c3582b05c1ee2ef091cb1b9e0d4235a6.exe
468	c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 468	4712	c3582b05c1ee2ef091cb1b9e0d4235a6.exe	85
PID 4712 wrote to memory of 468	4712	c3582b05c1ee2ef091cb1b9e0d4235a6.exe	85
PID 4712 wrote to memory of 468	4712	c3582b05c1ee2ef091cb1b9e0d4235a6.exe	85

C:\Users\Admin\AppData\Local\Temp\c3582b05c1ee2ef091cb1b9e0d4235a6.exe

Filesize
583KB

MD5
1477bee96cacf54952afc40077935f0f

SHA1
8eaba2ea24e76aed09935a216a2df78e047d8b59

SHA256
356f299d918bf5b70648d7250ef247b64511878ac4715636ed0ffbe88e1abf5a

SHA512
08b07a18cf1b7853bb4bc23aa8c78701c8649176003795780ae7614f55fd06cbbcdb75afffdc12101b461a15a1b4b1cf929fb3f856c60afc4a6079e60d7b40ee

Download Submit
memory/468-16-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/468-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/468-13-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/468-20-0x00000000055B0000-0x00000000057DA000-memory.dmp

Filesize
2.2MB

Download
memory/468-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/468-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4712-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4712-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4712-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4712-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download