2299dbeab8041ae4aed74f09b9c35c6d171b2456c362f36aeb0a8b54e959ed1a

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 03:25

Target

d515db8043d274236077905381887e59.exe
Size

2.7MB
MD5

d515db8043d274236077905381887e59
SHA1

99bfabc1986a16767c6d30f53b0a5968a3271b23
SHA256

2299dbeab8041ae4aed74f09b9c35c6d171b2456c362f36aeb0a8b54e959ed1a
SHA512

0fc8dbf2c30e2e3798521d00298edef3f896b5bfc83a585bea6a95037e51509d690db1779abd6c5f385dc728f5fd0ef59eeb9e79ed244c505d046b01be80d5dc
SSDEEP

49152:q0BibimJMP2nMkwa5Fm6qglISrRvbR9eV3W6lvWNJRBeG9vAiqNfXk0+gNUDR9j:qfbdJYQ9waK6RFZHeBhvWNJzekqXX+E6

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1120	d515db8043d274236077905381887e59.exe

Executes dropped EXE 1 IoCs

pid	Process
1120	d515db8043d274236077905381887e59.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3752-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000700000001ebc7-11.dat	upx
behavioral2/memory/1120-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3752	d515db8043d274236077905381887e59.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3752	d515db8043d274236077905381887e59.exe
1120	d515db8043d274236077905381887e59.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 1120	3752	d515db8043d274236077905381887e59.exe	89
PID 3752 wrote to memory of 1120	3752	d515db8043d274236077905381887e59.exe	89
PID 3752 wrote to memory of 1120	3752	d515db8043d274236077905381887e59.exe	89

C:\Users\Admin\AppData\Local\Temp\d515db8043d274236077905381887e59.exe

Filesize
1.2MB

MD5
395a10ca72e8991b46f33a3890ad30b2

SHA1
b5b1b5a109f535f793b6042fb9049c8fe1fc06b1

SHA256
23e31c16c3277733aa8cc8872c3856f401c2f8bc13bb2e3c21a94b772ba7c4ee

SHA512
07352f02ab46dd5c89ad3fb9374bb7d201b04b84b82fdc1a32bd9c2decfc52ab3304c42e659f888194d20a7d762484e2d6d3e0a384f8afb58eca60ebddedac2c

Download Submit
memory/1120-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1120-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1120-16-0x0000000001D10000-0x0000000001E41000-memory.dmp

Filesize
1.2MB

Download
memory/1120-20-0x0000000005600000-0x0000000005822000-memory.dmp

Filesize
2.1MB

Download
memory/1120-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1120-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3752-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3752-1-0x0000000001C70000-0x0000000001DA1000-memory.dmp

Filesize
1.2MB

Download
memory/3752-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3752-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download