12c6abb41a4d88349c11abc95b1a51081ade7a51f9fdf0ff5ccf5a959537bb62

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 14:11

Target

d3b4fd9d6a4c7d1486613465c4d29d2a.exe
Size

2.9MB
MD5

d3b4fd9d6a4c7d1486613465c4d29d2a
SHA1

71c7936be10fb79c4367929755df3081fa738c32
SHA256

12c6abb41a4d88349c11abc95b1a51081ade7a51f9fdf0ff5ccf5a959537bb62
SHA512

0fe690a202900b6103681fc9c43497dac455ba7aca51d9c6833e368753f07e678276ae24b06652103e761673a3fa71381ddb211868bbcfa31adf84f0429db42e
SSDEEP

49152:LP7EHY/0x4MrSguG+EaeUTbk3/prZ/Dnl1+1+MBRpo6oh:77iYsCMr0GCcprZ/+1+M7arh

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
112	d3b4fd9d6a4c7d1486613465c4d29d2a.exe

Executes dropped EXE 1 IoCs

pid	Process
112	d3b4fd9d6a4c7d1486613465c4d29d2a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2444-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023263-11.dat	upx
behavioral2/memory/112-12-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2444	d3b4fd9d6a4c7d1486613465c4d29d2a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2444	d3b4fd9d6a4c7d1486613465c4d29d2a.exe
112	d3b4fd9d6a4c7d1486613465c4d29d2a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 112	2444	d3b4fd9d6a4c7d1486613465c4d29d2a.exe	88
PID 2444 wrote to memory of 112	2444	d3b4fd9d6a4c7d1486613465c4d29d2a.exe	88
PID 2444 wrote to memory of 112	2444	d3b4fd9d6a4c7d1486613465c4d29d2a.exe	88

C:\Users\Admin\AppData\Local\Temp\d3b4fd9d6a4c7d1486613465c4d29d2a.exe

Filesize
448KB

MD5
d353d61d0a0e988434fbd000982162f3

SHA1
257863836c11b161eeb4686fd079cc55afcb3b50

SHA256
ab1621f99c379c2846bac29451e494ebe3e27e2d4d0d88e2e051a7c6eb1306de

SHA512
7c42911f51d83e1e8b31c2b77e8e27209f5aa04ca9662498b6de25fe7017c2020adea5cbc1e64dd9c5c189672a0f06fa7b20005688c21d26f88c223cadfed590

Download Submit
memory/112-14-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/112-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/112-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/112-20-0x0000000005600000-0x000000000582A000-memory.dmp

Filesize
2.2MB

Download
memory/112-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/112-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2444-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2444-1-0x0000000001D30000-0x0000000001E63000-memory.dmp

Filesize
1.2MB

Download
memory/2444-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2444-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download