21fae7ddf956a33de20f0c95082e45526b439d6f9e05eee38ef6991b1b43dc47

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25/03/2024, 11:23

Target

dde4ba5f4f6eec992e7ab6c91c22cbb0.exe
Size

59KB
MD5

dde4ba5f4f6eec992e7ab6c91c22cbb0
SHA1

0b03fbb80c03c82525e0021dfaf1a1542ce1129f
SHA256

21fae7ddf956a33de20f0c95082e45526b439d6f9e05eee38ef6991b1b43dc47
SHA512

e2e2a7e4a72e11063a8143336b91c082cc5fd659ad532a864da7878ab1a0d4d48818bf075e509d7bc96a1ffd0d5f38e8a74b52b015a564fcaa45190c1010ad76
SSDEEP

1536:b2V7I4qYCjZ/s0OaN/QESh9Xlc8ExzeiED5g3K5UasKkSNVd5UHpVc:A84qYCjZE0z/2h9VNEwLWIt4S3gHjc

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4740	dde4ba5f4f6eec992e7ab6c91c22cbb0.exe

Executes dropped EXE 1 IoCs

pid	Process
4740	dde4ba5f4f6eec992e7ab6c91c22cbb0.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1648-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x000400000001e980-11.dat	upx
behavioral2/memory/4740-13-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1648	dde4ba5f4f6eec992e7ab6c91c22cbb0.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1648	dde4ba5f4f6eec992e7ab6c91c22cbb0.exe
4740	dde4ba5f4f6eec992e7ab6c91c22cbb0.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 4740	1648	dde4ba5f4f6eec992e7ab6c91c22cbb0.exe	91
PID 1648 wrote to memory of 4740	1648	dde4ba5f4f6eec992e7ab6c91c22cbb0.exe	91
PID 1648 wrote to memory of 4740	1648	dde4ba5f4f6eec992e7ab6c91c22cbb0.exe	91

C:\Users\Admin\AppData\Local\Temp\dde4ba5f4f6eec992e7ab6c91c22cbb0.exe

Filesize
59KB

MD5
5fa5a38d984da5880e39a4561fe8b030

SHA1
1495b831ae19743732828668e6fa58f4c9974f87

SHA256
8ca1acb991090331652c37b5f1ab538ddba5c5aecb8102974b9ae6b98ea0a042

SHA512
4f940083f48b0ab127357999b05d8fb2a9aa4f7e43f7615819d97da5e830ddbe7a944ad6d6e55c6782079618b6a99178d887453af3c86f318effde6415faadf8

Download Submit
memory/1648-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1648-1-0x00000000000E0000-0x00000000000EF000-memory.dmp

Filesize
60KB

Download
memory/1648-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1648-12-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4740-14-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4740-13-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4740-15-0x00000000000C0000-0x00000000000CF000-memory.dmp

Filesize
60KB

Download
memory/4740-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/4740-25-0x0000000001570000-0x000000000158D000-memory.dmp

Filesize
116KB

Download
memory/4740-26-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download