01ff58daf1109078a418a106d552a3b2430c34ec4db00640e0ac788559f045e3

Analysis

max time kernel
135s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 05:05

Target

cd2ea28f251bb8dfcae95d482aa276f6.exe
Size

2.7MB
MD5

cd2ea28f251bb8dfcae95d482aa276f6
SHA1

ab9642598b39e273da11080fed3363a88c080285
SHA256

01ff58daf1109078a418a106d552a3b2430c34ec4db00640e0ac788559f045e3
SHA512

07771a4c757a6f71bd5601063f2604b043bbcc6d051db707cfd2e3bffe457a902d4276d1331ca5a3cb35d382fb291cdeafd4dc116898d60726512d2d65cbdff4
SSDEEP

49152:Q2P4twGL+POtyIr+E2pNr7XJR9W/jZdc7ngQxJwC1SM2xqAmVVYuwN+S8zR9j:tBGL4OUbJH4jZ67SQEqAmfRS8zHj

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4576	cd2ea28f251bb8dfcae95d482aa276f6.exe

Executes dropped EXE 1 IoCs

pid	Process
4576	cd2ea28f251bb8dfcae95d482aa276f6.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4864-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000d00000002316d-11.dat	upx
behavioral2/memory/4576-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4864	cd2ea28f251bb8dfcae95d482aa276f6.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4864	cd2ea28f251bb8dfcae95d482aa276f6.exe
4576	cd2ea28f251bb8dfcae95d482aa276f6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 4576	4864	cd2ea28f251bb8dfcae95d482aa276f6.exe	88
PID 4864 wrote to memory of 4576	4864	cd2ea28f251bb8dfcae95d482aa276f6.exe	88
PID 4864 wrote to memory of 4576	4864	cd2ea28f251bb8dfcae95d482aa276f6.exe	88

C:\Users\Admin\AppData\Local\Temp\cd2ea28f251bb8dfcae95d482aa276f6.exe

Filesize
896KB

MD5
7de4b6125c91b29a96f4a3fd5187475b

SHA1
5fea5321acfee9a33387fa6d353aed211e53abc0

SHA256
47fdca66ed6aab43e46d36223e89561807d0d6e8e2a79f1e2deb123f681d4ef2

SHA512
074e1e86383cae31d8949d116202c05fc1c68054ce06a78d2fb5f4f33e907213a4359fd517baf4eb4973c114cf22c26556deb8d0dc11a9149161f7902a393bf9

Download Submit
memory/4576-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4576-15-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4576-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4576-21-0x0000000005590000-0x00000000057B2000-memory.dmp

Filesize
2.1MB

Download
memory/4576-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4576-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4864-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4864-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/4864-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4864-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download