7070d40aa507c62ba33b4e38302e3720f8b3b3d9085bb5047da64a513fe3dda9

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 13:58

Target

de2cf002522a027f8c3131f37e519e05.exe
Size

115KB
MD5

de2cf002522a027f8c3131f37e519e05
SHA1

d94015451051ab9c9f2e7bec8d5d0349368ccad6
SHA256

7070d40aa507c62ba33b4e38302e3720f8b3b3d9085bb5047da64a513fe3dda9
SHA512

dbf52a4c370e0f9c8cae806827aa573bf9ab7fb8bf3c6c60ce3bfbff65831741f9141a6583192fcaaf114867a8a9c1f06208cb80648d179071f4c6eff9842a17
SSDEEP

3072:+veLkJ9VNegzClL+B98NMIRNq0R43lR3iZ/fXQJIDb2:+Y0HoYGSiqy43lYJfXsIb

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3168	de2cf002522a027f8c3131f37e519e05.exe

Executes dropped EXE 1 IoCs

pid	Process
3168	de2cf002522a027f8c3131f37e519e05.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5056-0-0x0000000000400000-0x0000000000475000-memory.dmp	upx
behavioral2/files/0x0008000000023208-13.dat	upx
behavioral2/memory/3168-15-0x0000000000400000-0x0000000000475000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5056	de2cf002522a027f8c3131f37e519e05.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5056	de2cf002522a027f8c3131f37e519e05.exe
3168	de2cf002522a027f8c3131f37e519e05.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 3168	5056	de2cf002522a027f8c3131f37e519e05.exe	89
PID 5056 wrote to memory of 3168	5056	de2cf002522a027f8c3131f37e519e05.exe	89
PID 5056 wrote to memory of 3168	5056	de2cf002522a027f8c3131f37e519e05.exe	89

C:\Users\Admin\AppData\Local\Temp\de2cf002522a027f8c3131f37e519e05.exe

Filesize
115KB

MD5
4929d7d6fbceb403b168bbdb05c6afd8

SHA1
1c1e3656f29fbd31aa2f0595ce1f2c95e0a6040f

SHA256
bc9ee8d565a62ac8efbda88f3978baac5385416f7b808dd109c0404b08e321e4

SHA512
36cd00f764b11973eab39f6d9729e32417e905511a66a021b88632df469dfe5e35f82eed001742a2aa558720cfdf694858d811dbaec24dcb73b296d13abddbcb

Download Submit
memory/3168-15-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/3168-16-0x00000000001D0000-0x00000000001ED000-memory.dmp

Filesize
116KB

Download
memory/3168-23-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3168-28-0x00000000015B0000-0x00000000015CD000-memory.dmp

Filesize
116KB

Download
memory/3168-29-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-0-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download
memory/5056-1-0x00000000001B0000-0x00000000001CD000-memory.dmp

Filesize
116KB

Download
memory/5056-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5056-14-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download