ca6bd0db71ae108a7800432c38ccc5c0de7aef47a2b0984a89b64da9a0291439

Analysis

max time kernel
151s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 13:58

Target

c8c8f0f8463b6a8577957dcf2b80541a.exe
Size

2.9MB
MD5

c8c8f0f8463b6a8577957dcf2b80541a
SHA1

cc2bd4c0fc3de02e3ae24a722b046e3505e9b7e5
SHA256

ca6bd0db71ae108a7800432c38ccc5c0de7aef47a2b0984a89b64da9a0291439
SHA512

e86de890fdc3725a62f7924a5817b0543f7969ec3902092566119b4c65bb32b7c1d5984740ccafcca375c3b4e69ede0a4a5bc4b74378ead76e644fe4e31116c0
SSDEEP

49152:Niwpg+AV7+prXZYolY2LJP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:NLSNVurXLKAJgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1000	c8c8f0f8463b6a8577957dcf2b80541a.exe

Executes dropped EXE 1 IoCs

pid	Process
1000	c8c8f0f8463b6a8577957dcf2b80541a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2872-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023214-11.dat	upx
behavioral2/memory/1000-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2872	c8c8f0f8463b6a8577957dcf2b80541a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2872	c8c8f0f8463b6a8577957dcf2b80541a.exe
1000	c8c8f0f8463b6a8577957dcf2b80541a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 1000	2872	c8c8f0f8463b6a8577957dcf2b80541a.exe	86
PID 2872 wrote to memory of 1000	2872	c8c8f0f8463b6a8577957dcf2b80541a.exe	86
PID 2872 wrote to memory of 1000	2872	c8c8f0f8463b6a8577957dcf2b80541a.exe	86

C:\Users\Admin\AppData\Local\Temp\c8c8f0f8463b6a8577957dcf2b80541a.exe

Filesize
41KB

MD5
70a9410219c3a096536024cc22d9b692

SHA1
c4fa0ce0b60375a23bc16cdbf52d7e35c12edac3

SHA256
b93719fb7b7677dfb293a62f9f396707187e73deed6b049bf9c6c499ece7b7bf

SHA512
8b869c994f7de25542833135f1fa844ad8162ab8d8087393ad7563a2cf3c7a75b714392523d945d18fb0111c41194767d5672397b4452f9215b982b5db8dc346

Download Submit
memory/1000-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1000-15-0x0000000001CE0000-0x0000000001E13000-memory.dmp

Filesize
1.2MB

Download
memory/1000-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1000-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1000-21-0x00000000055E0000-0x000000000580A000-memory.dmp

Filesize
2.2MB

Download
memory/1000-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2872-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2872-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2872-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2872-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download