06b83b6bc1f6e2ba80f84f9749c234b0075b2157bec1c387add12b87b81eaac9

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 15:25

Target

d6750cb03545797c0070dfdeeac8c25a.exe
Size

2.9MB
MD5

d6750cb03545797c0070dfdeeac8c25a
SHA1

4acd40870186dfe0b13edee4240ebc1d2071400b
SHA256

06b83b6bc1f6e2ba80f84f9749c234b0075b2157bec1c387add12b87b81eaac9
SHA512

77c827d7d269ac1eaabb087b639ba69ce716d59fe2be99034a92b87dc1a56aa35eefd7878fd9bbc891b171647a01d55c2d2dc62b6898ccdc538ffdf8ea19cf05
SSDEEP

49152:W5O9JB/DqZqs3LKrJrFM6s3cp8IP4M338dB2IBlGuuDVUsdxxjeQZwxPYRKs:DBDqD3LKrJhZsMp8Igg3gnl/IVUs1jek

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3524	d6750cb03545797c0070dfdeeac8c25a.exe

Executes dropped EXE 1 IoCs

pid	Process
3524	d6750cb03545797c0070dfdeeac8c25a.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/216-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023234-11.dat	upx
behavioral2/memory/3524-12-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
216	d6750cb03545797c0070dfdeeac8c25a.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
216	d6750cb03545797c0070dfdeeac8c25a.exe
3524	d6750cb03545797c0070dfdeeac8c25a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 3524	216	d6750cb03545797c0070dfdeeac8c25a.exe	88
PID 216 wrote to memory of 3524	216	d6750cb03545797c0070dfdeeac8c25a.exe	88
PID 216 wrote to memory of 3524	216	d6750cb03545797c0070dfdeeac8c25a.exe	88

C:\Users\Admin\AppData\Local\Temp\d6750cb03545797c0070dfdeeac8c25a.exe

Filesize
2.9MB

MD5
bdde42b5104cb68095f9571f1824195a

SHA1
6fb0e1f9dc170140590f66d6b4de4f0bc7be9be2

SHA256
6c16ff178e2c295a8db90270d9ce90062ac8318e4d2bdd8804f1e71fc246081c

SHA512
ffe9c8cbef1c0e41141d16032f529a239501a84be2f9088a2459ffee557d308d79148c98baad868d2f30e5767dfdbe376c8d64b88beab6167b0124f7c77e2d67

Download Submit
memory/216-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/216-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/216-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/216-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3524-12-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3524-15-0x0000000001C80000-0x0000000001DB3000-memory.dmp

Filesize
1.2MB

Download
memory/3524-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3524-21-0x0000000005580000-0x00000000057AA000-memory.dmp

Filesize
2.2MB

Download
memory/3524-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3524-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download