1a958969cf991aa8fc1f3f2f304209a2eced807d54ade98aff2509efdc2a82d8

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 18:56

Target

c6a0f83ab0d4a1b21ead87eb97f4be35.exe
Size

11.7MB
MD5

c6a0f83ab0d4a1b21ead87eb97f4be35
SHA1

12ef6d8e84f983be75a6b5556801621c6c9b0b3e
SHA256

1a958969cf991aa8fc1f3f2f304209a2eced807d54ade98aff2509efdc2a82d8
SHA512

1da78e89a2d710fbe2d2fc9cab57e156a245e88a7e2a86d2c4ad46f1d72751ec91e1fb50c1873e72748a3c7cdc86f867a518ba15e28ba5cb6c77f01fcc6004c1
SSDEEP

196608:hRbqHKwZvNgbCyrlMR55wZvNgbcJrQnzMwZvNgbCyrlMR55wZvNgb:6HRUb/mCUbRUb/mCUb

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5080	c6a0f83ab0d4a1b21ead87eb97f4be35.exe

Executes dropped EXE 1 IoCs

pid	Process
5080	c6a0f83ab0d4a1b21ead87eb97f4be35.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2228-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000c0000000226fd-11.dat	upx
behavioral2/memory/5080-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2228	c6a0f83ab0d4a1b21ead87eb97f4be35.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2228	c6a0f83ab0d4a1b21ead87eb97f4be35.exe
5080	c6a0f83ab0d4a1b21ead87eb97f4be35.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 5080	2228	c6a0f83ab0d4a1b21ead87eb97f4be35.exe	88
PID 2228 wrote to memory of 5080	2228	c6a0f83ab0d4a1b21ead87eb97f4be35.exe	88
PID 2228 wrote to memory of 5080	2228	c6a0f83ab0d4a1b21ead87eb97f4be35.exe	88

C:\Users\Admin\AppData\Local\Temp\c6a0f83ab0d4a1b21ead87eb97f4be35.exe

Filesize
2.4MB

MD5
84b4bbac8881bd790df220d24541dfcf

SHA1
053428eaf2c631ac53b7e0378384f0d4c6ea6d4c

SHA256
1a18d5ab4e73b5ea3c874e56b8458e22c20d5da225953e8978058332151a6b06

SHA512
b4cf978cbe9633be84423159f17e867a7c7911f56580fe650d8bdb0150a586c47d37c3dffdaa9345ae821c6ac038480ff5889c10011707c68f917e77e926d581

Download Submit
memory/2228-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2228-1-0x0000000001E60000-0x0000000001F93000-memory.dmp

Filesize
1.2MB

Download
memory/2228-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2228-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5080-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5080-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5080-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5080-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5080-21-0x0000000005650000-0x000000000587A000-memory.dmp

Filesize
2.2MB

Download
memory/5080-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download