18057df306473592945254ad0454d27fba6e4e142109e789d885d399c73c84fb

Analysis

max time kernel
157s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 08:50

Target

d5b42d9f83652fcd8b398fa1650869d3.exe
Size

2.7MB
MD5

d5b42d9f83652fcd8b398fa1650869d3
SHA1

8eeecda89e26ff0011701c5acc0c5c28189f7c17
SHA256

18057df306473592945254ad0454d27fba6e4e142109e789d885d399c73c84fb
SHA512

03452a51c644713a5e2ed2ea8acfd850181d41615e5cb7468c15db37c8079d4e0a91c151bbee1992a4bc79fc802e05623488b7ed9266fda03bea05d019c701cf
SSDEEP

49152:cgnT8k6kZ5lzDen2B3P7My8hLR9DwqUvhYFe6SxTQOQKW7JHQ2y6yTOcdxUvs+Rt:RTvZbOip8hLHDwzvhH6SRVQKW1wGExUn

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4612	d5b42d9f83652fcd8b398fa1650869d3.exe

Executes dropped EXE 1 IoCs

pid	Process
4612	d5b42d9f83652fcd8b398fa1650869d3.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/560-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0007000000023215-11.dat	upx
behavioral2/memory/4612-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
560	d5b42d9f83652fcd8b398fa1650869d3.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
560	d5b42d9f83652fcd8b398fa1650869d3.exe
4612	d5b42d9f83652fcd8b398fa1650869d3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 4612	560	d5b42d9f83652fcd8b398fa1650869d3.exe	88
PID 560 wrote to memory of 4612	560	d5b42d9f83652fcd8b398fa1650869d3.exe	88
PID 560 wrote to memory of 4612	560	d5b42d9f83652fcd8b398fa1650869d3.exe	88

C:\Users\Admin\AppData\Local\Temp\d5b42d9f83652fcd8b398fa1650869d3.exe

Filesize
2.7MB

MD5
13071f61b3d0d5472b9336b2f4a0ebc7

SHA1
5facbc991ee2ecdfcb89d454c5fed73f3e25c531

SHA256
ad267338476148f7fd8e44aaf3ad531741bedbd04ce14e99aa586ccc1b5dc274

SHA512
cb11202db526ff4c0f42bec95b9ff006c36da6710e6a1dfe2d25e54489553cadffc516d27fdd2a27721b3b11fc499e0d2d5f4396f00b971062c303997b0d2f08

Download Submit
memory/560-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/560-1-0x0000000001D20000-0x0000000001E51000-memory.dmp

Filesize
1.2MB

Download
memory/560-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/560-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4612-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4612-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4612-16-0x0000000001C60000-0x0000000001D91000-memory.dmp

Filesize
1.2MB

Download
memory/4612-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4612-21-0x0000000005550000-0x0000000005772000-memory.dmp

Filesize
2.1MB

Download
memory/4612-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download