d90739e547c7725392b040458d576fb9c4339fef750305b9a12efd9720738ae4

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 23:50

Target

cc91bb97b4d91b039ef8681a91a7df08.exe
Size

1.5MB
MD5

cc91bb97b4d91b039ef8681a91a7df08
SHA1

8f759a9fc29032bbc8920e8d7e4fb9450e129236
SHA256

d90739e547c7725392b040458d576fb9c4339fef750305b9a12efd9720738ae4
SHA512

cc2df3255ecee0c6ddc77b9792166d7a67f981775a9c459077af29670fc7bb7fbc90f80f4cf4c4bcaf0c79320af31370cbb826433a1a8cc306f938c8c30db8e4
SSDEEP

24576:p46LpKzr/A7kII1KuSfks4i0rrBB3xCh4aHPHvvWz9cKskeW:bnwx1SMrBoHPHWmme

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2660	cc91bb97b4d91b039ef8681a91a7df08.exe

Executes dropped EXE 1 IoCs

pid	Process
2660	cc91bb97b4d91b039ef8681a91a7df08.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1540-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000700000001e59e-11.dat	upx
behavioral2/memory/2660-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1540	cc91bb97b4d91b039ef8681a91a7df08.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1540	cc91bb97b4d91b039ef8681a91a7df08.exe
2660	cc91bb97b4d91b039ef8681a91a7df08.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2660	1540	cc91bb97b4d91b039ef8681a91a7df08.exe	87
PID 1540 wrote to memory of 2660	1540	cc91bb97b4d91b039ef8681a91a7df08.exe	87
PID 1540 wrote to memory of 2660	1540	cc91bb97b4d91b039ef8681a91a7df08.exe	87

C:\Users\Admin\AppData\Local\Temp\cc91bb97b4d91b039ef8681a91a7df08.exe

Filesize
1.5MB

MD5
6684b4dd8ff791cb919275ac8a3ffc72

SHA1
fd0c1357ec39ddb2e653a539e1ae0043ed022d3f

SHA256
c271722d86998a4a93c735d10e339645286e9664324ff6188a1ea8b395b6ef52

SHA512
86e0cb8cf5e7622fb0d924fffa951535282aabba9888df01905c87d173a203e1c05d7c823461f72076c17da372fcf61cccf8cb081f901d2f345f9bc4a1244b12

Download Submit
memory/1540-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1540-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1540-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1540-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2660-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2660-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2660-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2660-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2660-20-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/2660-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download