718754ef3ad315893ce458500c3005dc76d1c0ce39e6ccfac2c356fb0f130065

Analysis

max time kernel
91s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 06:07

Target

c52a6f37e8510afa54037a55836a1a5e.exe
Size

2.9MB
MD5

c52a6f37e8510afa54037a55836a1a5e
SHA1

57251269872ef16ba2622be65afa8831ad9180b2
SHA256

718754ef3ad315893ce458500c3005dc76d1c0ce39e6ccfac2c356fb0f130065
SHA512

03bffe43c01043506e86c900e09ce8ce433d28ddcaf03fd6a6bad141fd3dd9ddd39b5bc4a451c4a2c7d1492869240f1ec437ae413857c4503d66b0289dc23205
SSDEEP

49152:zvvVARODHM4HeOCq9WPeNIw2ngWDHVXrL0SfBDyxfl/2d/f819WuQyzESAg2:j04T9WPwIw2gG1XrISfBOZ8d/f+9g5SK

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3776	c52a6f37e8510afa54037a55836a1a5e.exe

Executes dropped EXE 1 IoCs

pid	Process
3776	c52a6f37e8510afa54037a55836a1a5e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3132-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023225-11.dat	upx
behavioral2/memory/3776-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3132	c52a6f37e8510afa54037a55836a1a5e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3132	c52a6f37e8510afa54037a55836a1a5e.exe
3776	c52a6f37e8510afa54037a55836a1a5e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3132 wrote to memory of 3776	3132	c52a6f37e8510afa54037a55836a1a5e.exe	85
PID 3132 wrote to memory of 3776	3132	c52a6f37e8510afa54037a55836a1a5e.exe	85
PID 3132 wrote to memory of 3776	3132	c52a6f37e8510afa54037a55836a1a5e.exe	85

C:\Users\Admin\AppData\Local\Temp\c52a6f37e8510afa54037a55836a1a5e.exe

Filesize
633KB

MD5
ce782063383f7b85819eab88f08b6f16

SHA1
78985800a2c05beab5b9c03e758a9b00a3b55477

SHA256
875a689a6589267d17ae31c58ab298ab880538b239dcdc66553db65efef79c33

SHA512
2140e26a138023fcf7217abfd86defad79b223f2876dfe1691bce371ddf8d5324046b8a8dcb59d9da1b1f3c43061595751d902de200ef30e7e953b37303f2df2

Download Submit
memory/3132-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3132-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3132-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3132-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3776-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3776-16-0x0000000001CA0000-0x0000000001DD3000-memory.dmp

Filesize
1.2MB

Download
memory/3776-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3776-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3776-21-0x00000000055A0000-0x00000000057CA000-memory.dmp

Filesize
2.2MB

Download
memory/3776-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download