62b517657093817aa5f9ee70e5fcaa0b9ad2a5cf03c485a795137329f5010aea

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2024 11:09

Target

c878cb9e8bfd41799ce07f395c608291.exe
Size

10.6MB
MD5

c878cb9e8bfd41799ce07f395c608291
SHA1

9588294685f5e150ef70e85dff665478137e11a3
SHA256

62b517657093817aa5f9ee70e5fcaa0b9ad2a5cf03c485a795137329f5010aea
SHA512

b0582ac34383a084228a212e973f6222c44d3e906e8520d3df00bb25907400d0ac61f235c5fdf0f33255c930147fba00d329f555bee744acc6cff8f73b7530d3
SSDEEP

196608:v1biWd80v38aXMBkEyv1rLu0v38aXMBg+/wE4Dzwc0v38aXMBkEyv1rLu0v38aXw:dicrPbT1/lPbzEtLPbT1/lPbA

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
208	c878cb9e8bfd41799ce07f395c608291.exe

Executes dropped EXE 1 IoCs

pid	Process
208	c878cb9e8bfd41799ce07f395c608291.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2308-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000300000001e9a0-11.dat	upx
behavioral2/memory/208-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2308	c878cb9e8bfd41799ce07f395c608291.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2308	c878cb9e8bfd41799ce07f395c608291.exe
208	c878cb9e8bfd41799ce07f395c608291.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 208	2308	c878cb9e8bfd41799ce07f395c608291.exe	89
PID 2308 wrote to memory of 208	2308	c878cb9e8bfd41799ce07f395c608291.exe	89
PID 2308 wrote to memory of 208	2308	c878cb9e8bfd41799ce07f395c608291.exe	89

C:\Users\Admin\AppData\Local\Temp\c878cb9e8bfd41799ce07f395c608291.exe

Filesize
10.6MB

MD5
17b60302f5867dbeb03d671b9f377647

SHA1
bacba41c6612fb3228006bf61bfa371f8b386524

SHA256
b737c901420aea5014d3316dfa6ea2b83d01fa20ba2ad6eb6a4a4a94d3b9b94f

SHA512
2f603582d8330347d8740b9e08713c71374444252f7d65af0238c280ec9c1841a27cdc501689f0d291ad6071a882435a00ac64bb4ec8d41a0a45a49911fe50cb

Download Submit
memory/208-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/208-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/208-15-0x0000000001DC0000-0x0000000001EF1000-memory.dmp

Filesize
1.2MB

Download
memory/208-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/208-21-0x00000000056B0000-0x00000000058D2000-memory.dmp

Filesize
2.1MB

Download
memory/208-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2308-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2308-1-0x0000000001D50000-0x0000000001E81000-memory.dmp

Filesize
1.2MB

Download
memory/2308-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2308-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download