3a6fe2e056ccfeead8d38f2347db08d385a087fa8d17f6a8183e5cc10baaff98

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 10:12

Target

dee9927780245873a179f0ac37e2e20f.exe
Size

3.9MB
MD5

dee9927780245873a179f0ac37e2e20f
SHA1

292e6dc6193983f2dc4240fb9ae94cf61d4f1bcd
SHA256

3a6fe2e056ccfeead8d38f2347db08d385a087fa8d17f6a8183e5cc10baaff98
SHA512

b3bb6bd21f2466c303e7ad4eb68ddc0524f2b0b351b39af74282d0ebc857590a9d0f09cb264c58ee86dcef34f4f195dcc32fd3d68377a8dc6b8a9f1e84e06a00
SSDEEP

98304:wgVp7D0Jl4Megg3gnl/IVUt4pJWzZtIygg3gnl/IVUV:wIn0Jl4Mqgl/iwgWttJgl/iG

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1008	dee9927780245873a179f0ac37e2e20f.exe

Executes dropped EXE 1 IoCs

pid	Process
1008	dee9927780245873a179f0ac37e2e20f.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2504-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023226-11.dat	upx
behavioral2/memory/1008-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2504	dee9927780245873a179f0ac37e2e20f.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2504	dee9927780245873a179f0ac37e2e20f.exe
1008	dee9927780245873a179f0ac37e2e20f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 1008	2504	dee9927780245873a179f0ac37e2e20f.exe	87
PID 2504 wrote to memory of 1008	2504	dee9927780245873a179f0ac37e2e20f.exe	87
PID 2504 wrote to memory of 1008	2504	dee9927780245873a179f0ac37e2e20f.exe	87

C:\Users\Admin\AppData\Local\Temp\dee9927780245873a179f0ac37e2e20f.exe

Filesize
785KB

MD5
be1de5ce46ab118dc3d5bf7f38ad4f33

SHA1
4cd6d167859b4b49ee06426ed54ba27fef0c58ab

SHA256
5a2373943a12efffc0f192fb902b59036d29aecf27417b7a0dee8800d313b2c9

SHA512
5754b1a6ec9b277e65d459cf7e54af300203a844f73fc77505b3c67a318470ca1ee54761607d25c2774729f91a076af9cf33d35ee9a49ba8945dd09bac24ee60

Download Submit
memory/1008-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1008-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1008-15-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

Filesize
1.2MB

Download
memory/1008-21-0x00000000055C0000-0x00000000057EA000-memory.dmp

Filesize
2.2MB

Download
memory/1008-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1008-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2504-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2504-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/2504-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2504-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download