2ace752285cf3cd15d534c168985f9ec4387f5007e5efba9142d3e0955aa579f

Analysis

max time kernel
93s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 19:55

Target

d4614d88a46d798d9def21d50ba8e71d.exe
Size

5.8MB
MD5

d4614d88a46d798d9def21d50ba8e71d
SHA1

4aa03c9b4a81aed908dc30a42f460a7fbfd2d711
SHA256

2ace752285cf3cd15d534c168985f9ec4387f5007e5efba9142d3e0955aa579f
SHA512

a6e84bdab5289759943103db1bc9b34da89f7d9992e4b4202c24c5d26d0fed52c615114c41fcfd7dbe30c45b1fe36b008830a80b94b7376a1a7c07d88fb05593
SSDEEP

98304:wxoJDWi9BMdDolgg3gnl/IVUs1jePsyrFVikerpUZjwuxNgg3gnl/IVUs1jePs:wxoJW8UGgl/iBiPTikelUZjwuBgl/iBg

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4352	d4614d88a46d798d9def21d50ba8e71d.exe

Executes dropped EXE 1 IoCs

pid	Process
4352	d4614d88a46d798d9def21d50ba8e71d.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3160-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023225-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3160	d4614d88a46d798d9def21d50ba8e71d.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3160	d4614d88a46d798d9def21d50ba8e71d.exe
4352	d4614d88a46d798d9def21d50ba8e71d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 4352	3160	d4614d88a46d798d9def21d50ba8e71d.exe	85
PID 3160 wrote to memory of 4352	3160	d4614d88a46d798d9def21d50ba8e71d.exe	85
PID 3160 wrote to memory of 4352	3160	d4614d88a46d798d9def21d50ba8e71d.exe	85

C:\Users\Admin\AppData\Local\Temp\d4614d88a46d798d9def21d50ba8e71d.exe

Filesize
1.7MB

MD5
ce9138c2d066514afbfb1216a3dbc8de

SHA1
5248c12ffb5e9385c39a40d7fab66f44e2b7fce6

SHA256
cc2943b945cf873a60dd010cdd448d908197b24d4313daac1a8c4dc7055658e7

SHA512
21003d8d9ca96cd7bd0ccda0d6943224bcb5e72e5e5f83e4b2e59a55c1722b800d471d26717f9bc2fbd9828d09dae2d2d31543ef179e8ce80bb97f02033b9a63

Download Submit
memory/3160-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3160-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3160-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3160-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4352-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4352-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4352-16-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/4352-20-0x0000000005690000-0x00000000058BA000-memory.dmp

Filesize
2.2MB

Download
memory/4352-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4352-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download