cde3ff060b68c3183026a9e34d5b46eca793a9da925cb636fa2bd56157e0de24

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 07:01

Target

c7fdfa8910cadbda5374bf06fbb50651.exe
Size

11.7MB
MD5

c7fdfa8910cadbda5374bf06fbb50651
SHA1

ddb1cc0f8de3cde0aea48d24d13e44eae0c777bf
SHA256

cde3ff060b68c3183026a9e34d5b46eca793a9da925cb636fa2bd56157e0de24
SHA512

ad08da7937636a89007248feed55bbf759bb10150dabb7a412c2487e81477a564f5427cf8d015f30a3525f682c1cdf70c3e88791f8df3615ad7fb84510c9e717
SSDEEP

196608:OKqlh8/WCOu7xLCWCQY4D5PjKWCOu7xLCWC:OBl0UuVLChM5LKUuVLC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4672	c7fdfa8910cadbda5374bf06fbb50651.exe

Executes dropped EXE 1 IoCs

pid	Process
4672	c7fdfa8910cadbda5374bf06fbb50651.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2852-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001e9a0-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2852	c7fdfa8910cadbda5374bf06fbb50651.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2852	c7fdfa8910cadbda5374bf06fbb50651.exe
4672	c7fdfa8910cadbda5374bf06fbb50651.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 4672	2852	c7fdfa8910cadbda5374bf06fbb50651.exe	89
PID 2852 wrote to memory of 4672	2852	c7fdfa8910cadbda5374bf06fbb50651.exe	89
PID 2852 wrote to memory of 4672	2852	c7fdfa8910cadbda5374bf06fbb50651.exe	89

C:\Users\Admin\AppData\Local\Temp\c7fdfa8910cadbda5374bf06fbb50651.exe

Filesize
896KB

MD5
ba1cd60f9a53e5ffdf726ef4945e52be

SHA1
6773b7534745310e88a5e8204547e0741d35e62e

SHA256
881ddc464ee68af61c121c661fd1f9cda70aa28ca2ddd4ed21c0e4f7074426a9

SHA512
9fa70ef72a47c5d85c5d6f4a52e1a39698048370700911872f078623a3262fa18885ff1721d2ba36a40f303ebb1dee91519c757d5519589edf417dd746b5f7ce

Download Submit
memory/2852-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2852-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/2852-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2852-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4672-13-0x0000000001DD0000-0x0000000001F03000-memory.dmp

Filesize
1.2MB

Download
memory/4672-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4672-15-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4672-20-0x00000000056D0000-0x00000000058FA000-memory.dmp

Filesize
2.2MB

Download
memory/4672-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4672-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download