981fb39056b134f69da82b778945162bf276edcddc5ab2826f9660418fafb2f7

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2024 01:03

Target

c74a5a3f523a7ade076609846e642f36.exe
Size

2.9MB
MD5

c74a5a3f523a7ade076609846e642f36
SHA1

1f99682fa21bfea987fb1211e41c1551e7e07864
SHA256

981fb39056b134f69da82b778945162bf276edcddc5ab2826f9660418fafb2f7
SHA512

d2edac71c8df9d93d4365dedc9394ce4ba80c5516db47dc6f832c8fa5d472b22f94359461b5e1411b40df8d0f8af963864365e8da8c8849dfb35cb77f62f75c1
SSDEEP

49152:SZe+cOGCgpdU6dQH/4aw38Ty4q9KiUP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:ueKGCgpK6d8bTyUNgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2848	c74a5a3f523a7ade076609846e642f36.exe

Executes dropped EXE 1 IoCs

pid	Process
2848	c74a5a3f523a7ade076609846e642f36.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2616-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000c0000000226fd-11.dat	upx
behavioral2/memory/2848-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2616	c74a5a3f523a7ade076609846e642f36.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2616	c74a5a3f523a7ade076609846e642f36.exe
2848	c74a5a3f523a7ade076609846e642f36.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2848	2616	c74a5a3f523a7ade076609846e642f36.exe	88
PID 2616 wrote to memory of 2848	2616	c74a5a3f523a7ade076609846e642f36.exe	88
PID 2616 wrote to memory of 2848	2616	c74a5a3f523a7ade076609846e642f36.exe	88

C:\Users\Admin\AppData\Local\Temp\c74a5a3f523a7ade076609846e642f36.exe

Filesize
2.9MB

MD5
d213c24a9d06ee4d550fe6bc46928425

SHA1
f6967b4c7284c56689b9f63d72f3a722420f866e

SHA256
c5894ed6fd21dc5b6e4f32949a3aeefcfd8d92b6bc996625de80b75f3210a80d

SHA512
0f3381dd1347563a6524729e02c63f608a704b33974ae963fdf371d0dff1ca384d4fc7acaeea8adb6b1a628ed9028f1acec21a5517afd93ac966fe32c62e8f36

Download Submit
memory/2616-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2616-1-0x0000000001D70000-0x0000000001EA3000-memory.dmp

Filesize
1.2MB

Download
memory/2616-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2616-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2848-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2848-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2848-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2848-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2848-21-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/2848-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download