37153fc2d960092b34a1329a085e43b796a10406f6ecd576499457ae87712d59

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 20:25

Target

d4727a99650ea5aa72147c4ab5f314d2.exe
Size

5.8MB
MD5

d4727a99650ea5aa72147c4ab5f314d2
SHA1

c2b34222b3f6008b008667a81b686400d0ae1fd0
SHA256

37153fc2d960092b34a1329a085e43b796a10406f6ecd576499457ae87712d59
SHA512

efdac063ef2d671c1b61b0e9760d37714adc982737372ebb56a2e3397a3e44855c84f2c2ad99cc253e4aeb4b2a513c90f261bb4fce73b8b6d3c89e5f01b7e0c7
SSDEEP

98304:bCqHH54HBUCczzM3lFQ02kPB/E4HBUCczzM3:286WCfQ02kP1bWC

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4384	d4727a99650ea5aa72147c4ab5f314d2.exe

Executes dropped EXE 1 IoCs

pid	Process
4384	d4727a99650ea5aa72147c4ab5f314d2.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4408-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e980-12.dat	upx
behavioral2/memory/4384-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4408	d4727a99650ea5aa72147c4ab5f314d2.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4408	d4727a99650ea5aa72147c4ab5f314d2.exe
4384	d4727a99650ea5aa72147c4ab5f314d2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4408 wrote to memory of 4384	4408	d4727a99650ea5aa72147c4ab5f314d2.exe	89
PID 4408 wrote to memory of 4384	4408	d4727a99650ea5aa72147c4ab5f314d2.exe	89
PID 4408 wrote to memory of 4384	4408	d4727a99650ea5aa72147c4ab5f314d2.exe	89

C:\Users\Admin\AppData\Local\Temp\d4727a99650ea5aa72147c4ab5f314d2.exe

Filesize
1.1MB

MD5
885fa539bb9582122c39f696584bc46d

SHA1
981944648230796db5324acf0e2f32eb7c2a7dd5

SHA256
7bcb1abf90818eb1dbe30628ef546e9eb529a5ad63f0ff1654415b60e9b75248

SHA512
8877e3a50864841fc99029f5801f98d39fe082cbfba8c1edb73229d45945e9eb3538f1cec49171d773a1d9fa1f9d7496d5035179c36d03730371724ce21871d2

Download Submit
memory/4384-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4384-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4384-16-0x0000000001C90000-0x0000000001DC3000-memory.dmp

Filesize
1.2MB

Download
memory/4384-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4384-21-0x0000000005590000-0x00000000057BA000-memory.dmp

Filesize
2.2MB

Download
memory/4384-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4408-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4408-1-0x0000000001CD0000-0x0000000001E03000-memory.dmp

Filesize
1.2MB

Download
memory/4408-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4408-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download