82f072d94b93f32e58e905da05f215baa8e4758f57ad30d2f08482063f9ed799

Analysis

max time kernel
148s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 16:59

Target

d40a5c7080b1d3b49cffa699f5e0d50f.exe
Size

2.9MB
MD5

d40a5c7080b1d3b49cffa699f5e0d50f
SHA1

e90e3cd8c3f146e8b0c804590e7d5580095aa2c2
SHA256

82f072d94b93f32e58e905da05f215baa8e4758f57ad30d2f08482063f9ed799
SHA512

fca98b9c340515f79f9d0e9ba5b51c2fe88769d5f679b57eb7cfb7fb3056f0bc8f2d7538e67e2e549094622d104b5f6cff0e31236c5039fd6231c1dee361445a
SSDEEP

49152:Uv6DBWGkJ2iX1wQhAfV6+2D0mhD9r6J8vM0aKMBwP4M338dB2IBlGuuDVUsdxxjl:Uv6WpvhCfPGpUJHBwgg3gnl/IVUs1jek

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4864	d40a5c7080b1d3b49cffa699f5e0d50f.exe

Executes dropped EXE 1 IoCs

pid	Process
4864	d40a5c7080b1d3b49cffa699f5e0d50f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/464-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000200000001f656-11.dat	upx
behavioral2/memory/4864-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
464	d40a5c7080b1d3b49cffa699f5e0d50f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
464	d40a5c7080b1d3b49cffa699f5e0d50f.exe
4864	d40a5c7080b1d3b49cffa699f5e0d50f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 464 wrote to memory of 4864	464	d40a5c7080b1d3b49cffa699f5e0d50f.exe	88
PID 464 wrote to memory of 4864	464	d40a5c7080b1d3b49cffa699f5e0d50f.exe	88
PID 464 wrote to memory of 4864	464	d40a5c7080b1d3b49cffa699f5e0d50f.exe	88

C:\Users\Admin\AppData\Local\Temp\d40a5c7080b1d3b49cffa699f5e0d50f.exe

Filesize
2.9MB

MD5
dcd265dc58def8a990174e1a820564c1

SHA1
4e8f1bff682eedd05a03f0cfec1ae23a5ae038f5

SHA256
2e1c24d4f9b9931882a9457d1df2849aa16ecd2e59624bf416d3f23468b60760

SHA512
aa38c21ddfa24d4b4546da078f865297da1e7755bd04fca512d53e678b4ed7d9a07f215d4e7812e51476a9e97a9be75d6b5aaee4ff4e41f2473987daee2f01f0

Download Submit
memory/464-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/464-1-0x0000000001DA0000-0x0000000001ED3000-memory.dmp

Filesize
1.2MB

Download
memory/464-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/464-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4864-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4864-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4864-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4864-20-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/4864-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download