119e7dc97657bafae8f25a38a6a1efe32c067d7302f0a1e3419a906e8be6cde2

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 07:06

Target

d580b3602b516cbc90da67feab24af5b.exe
Size

1.3MB
MD5

d580b3602b516cbc90da67feab24af5b
SHA1

9c92b76a09ac6974a45305c8bd8f94a60c977c50
SHA256

119e7dc97657bafae8f25a38a6a1efe32c067d7302f0a1e3419a906e8be6cde2
SHA512

89042770858423841cf9d2e8099aee587673be9d14c46824310cb178f8cb45dbb5b1da5dda1a39ce0304f8db631de6c1bbbc478be98aaf60d62dd73cab64d375
SSDEEP

24576:fa/AnVEkmbSlZbDDLEYQhEu7SgMk5xAoBeD4cKVVBOvOWO:CoEkkSlZbvg3hF7SgMkngD4FvBIOf

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1264	d580b3602b516cbc90da67feab24af5b.exe

Executes dropped EXE 1 IoCs

pid	Process
1264	d580b3602b516cbc90da67feab24af5b.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1568-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000400000001e5eb-11.dat	upx
behavioral2/memory/1264-12-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1568	d580b3602b516cbc90da67feab24af5b.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1568	d580b3602b516cbc90da67feab24af5b.exe
1264	d580b3602b516cbc90da67feab24af5b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 1264	1568	d580b3602b516cbc90da67feab24af5b.exe	89
PID 1568 wrote to memory of 1264	1568	d580b3602b516cbc90da67feab24af5b.exe	89
PID 1568 wrote to memory of 1264	1568	d580b3602b516cbc90da67feab24af5b.exe	89

C:\Users\Admin\AppData\Local\Temp\d580b3602b516cbc90da67feab24af5b.exe

Filesize
64KB

MD5
45e700e8d052e051e1ec1b67aaba0b23

SHA1
31dcec0b977daad3ad07b4bca117845c5b97dd55

SHA256
7a7713ff30371f107799c7f3753302ed7c4ad1d9c2e53f421dcb0f7cd0fa4662

SHA512
15e9d31173434e1753d76c2f7d6d2b734e96d706bf9a0aaadee7c8860a9fbd38548e0b1e8f99e275a23fe184359ce73343ccfc9617b13e91c4d88920987e6e4c

Download Submit
memory/1264-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1264-15-0x0000000001C70000-0x0000000001DA3000-memory.dmp

Filesize
1.2MB

Download
memory/1264-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1264-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1264-22-0x0000000005570000-0x000000000579A000-memory.dmp

Filesize
2.2MB

Download
memory/1264-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1568-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1568-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1568-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1568-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download