9d2ca99fae7cacfa31fe9f412fedb6da83fcd84064c90cb1ba5029056e2f4e4b

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 03:26

Target

c4db1ed07f1439c15f7f3d2e81a45920.exe
Size

1.5MB
MD5

c4db1ed07f1439c15f7f3d2e81a45920
SHA1

a3f1f604ba6aadf150b448c14fcb7271c253ed98
SHA256

9d2ca99fae7cacfa31fe9f412fedb6da83fcd84064c90cb1ba5029056e2f4e4b
SHA512

084dd359a29686504eb33f068c6289b6c25b0b6c59e1c74ca75608be97f105996dad68ab2200daca3207afa1ba123535c5911a251fa1f95cb49d02efd1a9249b
SSDEEP

24576:CuV3RbjBWbiMHNt1SMTAwFTqwfBQWMl6VHyApffLXNNB3OiNDBT8sz4SncBW:xBWb7HdTTA6XGW9yAJ9NBxDBF4S0

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3320	c4db1ed07f1439c15f7f3d2e81a45920.exe

Executes dropped EXE 1 IoCs

pid	Process
3320	c4db1ed07f1439c15f7f3d2e81a45920.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3500-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001e9a0-11.dat	upx
behavioral2/memory/3320-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3500	c4db1ed07f1439c15f7f3d2e81a45920.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3500	c4db1ed07f1439c15f7f3d2e81a45920.exe
3320	c4db1ed07f1439c15f7f3d2e81a45920.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3500 wrote to memory of 3320	3500	c4db1ed07f1439c15f7f3d2e81a45920.exe	88
PID 3500 wrote to memory of 3320	3500	c4db1ed07f1439c15f7f3d2e81a45920.exe	88
PID 3500 wrote to memory of 3320	3500	c4db1ed07f1439c15f7f3d2e81a45920.exe	88

C:\Users\Admin\AppData\Local\Temp\c4db1ed07f1439c15f7f3d2e81a45920.exe

Filesize
1.4MB

MD5
3fdc6e6091bcbbd88eae54a00d4c0f2c

SHA1
0930b8e387ac450845c7242a41a8396c180949a6

SHA256
88e391c8392eab644e857ff887c0bed9c35824908e6b181e50e9b725ff06241d

SHA512
84a77977d31feb6b6eef0865e2bc3b66b34043ca81420c4c7cc354ea01e12b57534c6798f2724cc03447f0a8fe31ab5a0f1002471606388b2539f3b81600370e

Download Submit
memory/3320-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3320-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3320-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3320-20-0x0000000005650000-0x000000000587A000-memory.dmp

Filesize
2.2MB

Download
memory/3320-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3320-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3500-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3500-1-0x0000000001CB0000-0x0000000001DE3000-memory.dmp

Filesize
1.2MB

Download
memory/3500-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3500-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download