edaaa97879681fec78b50bd39fb5755021d52b805c73aaee9924aae3f2f7f8a7

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 14:52

Target

d3c9447e9f6659b18ac349b52235ecb8.exe
Size

2.9MB
MD5

d3c9447e9f6659b18ac349b52235ecb8
SHA1

9ce7773ef7c3507828363cab898613b1e8c60759
SHA256

edaaa97879681fec78b50bd39fb5755021d52b805c73aaee9924aae3f2f7f8a7
SHA512

be2b8be3aee2651a5fb93eab8cdde1865ee53727a405712a787574b202d6326e68a590ab37a3e10f8b81355465b7af4ee5c50a52f94fbafb48c293e2f338e1e3
SSDEEP

49152:SaEH33e2AUADqCUC5+wFVEmacAP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:o33t6gs+HfcAgg3gnl/IVUs1jePs

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3632	d3c9447e9f6659b18ac349b52235ecb8.exe

Executes dropped EXE 1 IoCs

pid	Process
3632	d3c9447e9f6659b18ac349b52235ecb8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3124-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023211-11.dat	upx
behavioral2/memory/3632-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3124	d3c9447e9f6659b18ac349b52235ecb8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3124	d3c9447e9f6659b18ac349b52235ecb8.exe
3632	d3c9447e9f6659b18ac349b52235ecb8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3124 wrote to memory of 3632	3124	d3c9447e9f6659b18ac349b52235ecb8.exe	90
PID 3124 wrote to memory of 3632	3124	d3c9447e9f6659b18ac349b52235ecb8.exe	90
PID 3124 wrote to memory of 3632	3124	d3c9447e9f6659b18ac349b52235ecb8.exe	90

C:\Users\Admin\AppData\Local\Temp\d3c9447e9f6659b18ac349b52235ecb8.exe

Filesize
2.9MB

MD5
b415beda3d884663f7e82d6000897eb0

SHA1
2100334aa6df60dc1447b012764b0511d4db11c5

SHA256
b619ccd1bf15f8a8b224192b5b3c46aece92b157e63cf31d0dfa9d59eb83d576

SHA512
ecdb5e3bc0de165bf5bd2544c29bc27b54fa45d508270b785d2ad4f00e742666c4afa8be64ce633cc0ca001230ac8022e0400c1668f58acb0c93154bfe3ced77

Download Submit
memory/3124-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3124-1-0x0000000001D30000-0x0000000001E63000-memory.dmp

Filesize
1.2MB

Download
memory/3124-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3124-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3632-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3632-14-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/3632-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3632-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3632-22-0x0000000005610000-0x000000000583A000-memory.dmp

Filesize
2.2MB

Download
memory/3632-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download