e6c7a1fd913366a70f41b18fa07c19aca07d14d56f11b5bce73d6248de22cf45

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 20:41

Target

d711adcaf142d554902eb5ec27bbe2d8.exe
Size

1.3MB
MD5

d711adcaf142d554902eb5ec27bbe2d8
SHA1

76d5335590bbc52d93b61398ecfdd1dd9217cffa
SHA256

e6c7a1fd913366a70f41b18fa07c19aca07d14d56f11b5bce73d6248de22cf45
SHA512

5bcf9846a88ef97a329f75ec208386809ee5d935a967c6f3def5f13547fc481375af3689796a428ec9f2c368c3eba9ec7b860d8366be62bc1b8876867a46de0e
SSDEEP

24576:kIKsRyn/WaxwCc12UDE5sS9mQXVY1gRxa3qM/xf3uNLOrUc/9vyXBUFVU9/9Us:2scOQPcQME2ZaV2M2t6eVvq+GR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1608	d711adcaf142d554902eb5ec27bbe2d8.exe

Executes dropped EXE 1 IoCs

pid	Process
1608	d711adcaf142d554902eb5ec27bbe2d8.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2292-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000f00000002313b-11.dat	upx
behavioral2/memory/1608-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2292	d711adcaf142d554902eb5ec27bbe2d8.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2292	d711adcaf142d554902eb5ec27bbe2d8.exe
1608	d711adcaf142d554902eb5ec27bbe2d8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1608	2292	d711adcaf142d554902eb5ec27bbe2d8.exe	88
PID 2292 wrote to memory of 1608	2292	d711adcaf142d554902eb5ec27bbe2d8.exe	88
PID 2292 wrote to memory of 1608	2292	d711adcaf142d554902eb5ec27bbe2d8.exe	88

C:\Users\Admin\AppData\Local\Temp\d711adcaf142d554902eb5ec27bbe2d8.exe

Filesize
1.3MB

MD5
39d06f356137bc3a4f07198db85b0c2d

SHA1
921821b6da6df21c8a2e2aacd7601ca76bf35799

SHA256
884b51f6600069b5b0d4a76f15bd3b32f1d9df15d558450bbb23213a0b757358

SHA512
80d37ef8ae9ef614d693bd1dd9fb1c180aeb35be6106e7f5b2e2da40314d46385d5b25731fc3fb1ed8e79c1d2206048feb370239bd1508603a31c26ae396ed06

Download Submit
memory/1608-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1608-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1608-16-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1608-20-0x0000000005670000-0x0000000005892000-memory.dmp

Filesize
2.1MB

Download
memory/1608-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1608-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2292-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2292-1-0x0000000001CF0000-0x0000000001E21000-memory.dmp

Filesize
1.2MB

Download
memory/2292-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2292-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download