07f600b2993efd8d3926d5f1ec83b05c81d6bfefffdeac8a55170bf03efddb5a

Analysis

max time kernel
148s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2024 04:58

Target

ca8a797cf29c368c792cfaecc8264722.exe
Size

2.9MB
MD5

ca8a797cf29c368c792cfaecc8264722
SHA1

6d64043f5be5b1a066ac866dd2a3838373f4501f
SHA256

07f600b2993efd8d3926d5f1ec83b05c81d6bfefffdeac8a55170bf03efddb5a
SHA512

10775a69eaad274a29e88269714e861de7b0cbfa790ceacec37a4c3304c933f9d740f6f5e4a3086b992670391ba25f6af5a47a42378886b15fbc9ca6df7228da
SSDEEP

49152:8TdJ6xFXr7dUoq/Dy67P4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:8TdJ6xF77dUzNgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2876	ca8a797cf29c368c792cfaecc8264722.exe

Executes dropped EXE 1 IoCs

pid	Process
2876	ca8a797cf29c368c792cfaecc8264722.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2384-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/2876-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000800000002320f-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2384	ca8a797cf29c368c792cfaecc8264722.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2384	ca8a797cf29c368c792cfaecc8264722.exe
2876	ca8a797cf29c368c792cfaecc8264722.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2876	2384	ca8a797cf29c368c792cfaecc8264722.exe	89
PID 2384 wrote to memory of 2876	2384	ca8a797cf29c368c792cfaecc8264722.exe	89
PID 2384 wrote to memory of 2876	2384	ca8a797cf29c368c792cfaecc8264722.exe	89

C:\Users\Admin\AppData\Local\Temp\ca8a797cf29c368c792cfaecc8264722.exe

Filesize
2.9MB

MD5
c8747ffc13b93665f2a2be1f27c3c2dd

SHA1
87c37b82b9db11400fb5c832c551056d9e6b05a2

SHA256
d8518766c11334ba29b2dbcd2612cc265e43c85b55591facddbf06b85a7136fc

SHA512
bb5ead8d8e36e6de3dabf3dba36e5ebd903f880b6aa69d1de00ff161a79e526091e91de1ab8de0490408ae10e516dec1cc581989c1f42f4ee6a4ecdc89e0c953

Download Submit
memory/2384-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2384-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2384-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2384-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2876-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2876-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/2876-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2876-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/2876-20-0x0000000005550000-0x000000000577A000-memory.dmp

Filesize
2.2MB

Download
memory/2876-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download