d359f833addf2e58944e20866e6f3c9da4c2cb53c050604e2c21e8877818862f

Analysis

max time kernel
134s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 12:53

Target

cb75d04c89a2c388477e5d301db132a0.exe
Size

2.7MB
MD5

cb75d04c89a2c388477e5d301db132a0
SHA1

972f6d72178f4f146d417b8519b01d739798c83c
SHA256

d359f833addf2e58944e20866e6f3c9da4c2cb53c050604e2c21e8877818862f
SHA512

4496dabeb8001a826c8bc5cbb9d13166044bd720f15b74b11337438444e48f102d2c1caa88424fef29b498fa11804427b95d6148cb1ff7e61727d4e575e896b0
SSDEEP

49152:pBPwDOF9h8qoA4A7qXvq4qdqZqw432ElLJuXaHwIb24Lod6PAPU8w8QWxsuaOp:ptqIRL2XvtkqbtXySNOAtfza3Op

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1072	cb75d04c89a2c388477e5d301db132a0.exe

Executes dropped EXE 1 IoCs

pid	Process
1072	cb75d04c89a2c388477e5d301db132a0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1592-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000300000001e9a0-11.dat	upx
behavioral2/memory/1072-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1592	cb75d04c89a2c388477e5d301db132a0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1592	cb75d04c89a2c388477e5d301db132a0.exe
1072	cb75d04c89a2c388477e5d301db132a0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 1072	1592	cb75d04c89a2c388477e5d301db132a0.exe	89
PID 1592 wrote to memory of 1072	1592	cb75d04c89a2c388477e5d301db132a0.exe	89
PID 1592 wrote to memory of 1072	1592	cb75d04c89a2c388477e5d301db132a0.exe	89

C:\Users\Admin\AppData\Local\Temp\cb75d04c89a2c388477e5d301db132a0.exe

Filesize
2.7MB

MD5
a776b1bffcc75b55ee6f821922cc8b30

SHA1
0ef6a74ef8505f9bea179ad519fd5e144c10b54a

SHA256
584d17beb69618f21e5cdb63a3727f5629e0ce97d85fdd92111a59bced33d02c

SHA512
c9ab5a4503c6ddb44fff7bcef410fbde845a641c72776c2695c0832671d30dc053144917c43751211be2f1aef3153fbabf33d4683a66405c20ccd11e89de8059

Download Submit
memory/1072-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1072-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1072-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1072-20-0x0000000005670000-0x000000000589A000-memory.dmp

Filesize
2.2MB

Download
memory/1072-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1072-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1592-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1592-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1592-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1592-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download