9d5dd0076bbb16f7751b376c6a0f16cd3bffb048c7c920e391b246d384a85bc9

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 01:19

Target

ccbe5f8dbd8267445c2627aa53e10459.exe
Size

10.6MB
MD5

ccbe5f8dbd8267445c2627aa53e10459
SHA1

aae43a7fb9a0f8bdb60004529a7f22ee9a5cdcb6
SHA256

9d5dd0076bbb16f7751b376c6a0f16cd3bffb048c7c920e391b246d384a85bc9
SHA512

a770576f8bfb6077d9fd7377b3607d409f923997b0c4777c89067d11e124915d4d8951af45d73a864c293767a0d6ebda2f57ec895cd39e10b94a1b8fde58f695
SSDEEP

196608:6wN67PXNzWChT55QyYBuy27PXNzWChT55tGWO6Sj5Sc5a7PXNzWChT55QyYBuy2A:6wN8fNiChTnQuVfNiChTntm/ncfNiChm

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
464	ccbe5f8dbd8267445c2627aa53e10459.exe

Executes dropped EXE 1 IoCs

pid	Process
464	ccbe5f8dbd8267445c2627aa53e10459.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2036-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000e000000023153-11.dat	upx
behavioral2/memory/464-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2036	ccbe5f8dbd8267445c2627aa53e10459.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2036	ccbe5f8dbd8267445c2627aa53e10459.exe
464	ccbe5f8dbd8267445c2627aa53e10459.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 464	2036	ccbe5f8dbd8267445c2627aa53e10459.exe	89
PID 2036 wrote to memory of 464	2036	ccbe5f8dbd8267445c2627aa53e10459.exe	89
PID 2036 wrote to memory of 464	2036	ccbe5f8dbd8267445c2627aa53e10459.exe	89

C:\Users\Admin\AppData\Local\Temp\ccbe5f8dbd8267445c2627aa53e10459.exe

Filesize
1.5MB

MD5
41b2051c99a3d4037d2204b1ae600743

SHA1
f1d88187334510004c4c5c02c9b011c156b3485d

SHA256
50278d45531b615d9c3ee875835ba4f57f26613bf14fed5b536a02cd0f63b150

SHA512
754679408ef37b9d9444314aef47d80b57d4a1d149f214157609417e7a92ba463ebfdfd8fd9abef8f2f9ef3cc297568403ed6cccb72457075dbecfb8f5e00e0f

Download Submit
memory/464-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/464-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/464-15-0x0000000001C20000-0x0000000001D53000-memory.dmp

Filesize
1.2MB

Download
memory/464-20-0x0000000005520000-0x000000000574A000-memory.dmp

Filesize
2.2MB

Download
memory/464-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/464-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2036-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2036-1-0x0000000001C80000-0x0000000001DB3000-memory.dmp

Filesize
1.2MB

Download
memory/2036-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2036-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download