101109d224c5a91318b8b1478ada4478184a3b34b8f32e56f3d2c4d20b210858

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 20:27

Target

e006f82f647d0c511dbd4b0fbdd31531.exe
Size

5.8MB
MD5

e006f82f647d0c511dbd4b0fbdd31531
SHA1

60d5c5c2f98133f15f4b83875f86bc494c5f3a1b
SHA256

101109d224c5a91318b8b1478ada4478184a3b34b8f32e56f3d2c4d20b210858
SHA512

d4facb6e11a7dbc103bb248070f22b869fef972645d2d02a79862db9a63a07e871615f3dbf3a982f3f047d85a32c3cd4b57f1eae604c6b3ca493f42748c4e5d2
SSDEEP

98304:+TXRhwHmpHau42c1joCjMPkNwk6alDAqD7z3uboHau42c1joCjMPkNwk6:+TXRhiMauq1jI86FA7y2auq1jI86

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3316	e006f82f647d0c511dbd4b0fbdd31531.exe

Executes dropped EXE 1 IoCs

pid	Process
3316	e006f82f647d0c511dbd4b0fbdd31531.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5000-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023200-11.dat	upx
behavioral2/memory/3316-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
5000	e006f82f647d0c511dbd4b0fbdd31531.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
5000	e006f82f647d0c511dbd4b0fbdd31531.exe
3316	e006f82f647d0c511dbd4b0fbdd31531.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 3316	5000	e006f82f647d0c511dbd4b0fbdd31531.exe	88
PID 5000 wrote to memory of 3316	5000	e006f82f647d0c511dbd4b0fbdd31531.exe	88
PID 5000 wrote to memory of 3316	5000	e006f82f647d0c511dbd4b0fbdd31531.exe	88

C:\Users\Admin\AppData\Local\Temp\e006f82f647d0c511dbd4b0fbdd31531.exe

Filesize
1.8MB

MD5
26ee0fda7c0506bfa917fd8fa73b5c5c

SHA1
c4aff295912faea4740f7b35cc11da240c572320

SHA256
44d649b0aeb2511f459bcf1e108c26649f0f75fe24666528dec7b67aba36c94f

SHA512
904a3f0ccfbe7c720dc1b756a80d94a4cebb9e9bc2c77c443cd1aed821d9e03e628ff68076f630aea9b5270440da4806a0366f58d030395d0a79521fcda166b4

Download Submit
memory/3316-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3316-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3316-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3316-20-0x0000000005550000-0x000000000577A000-memory.dmp

Filesize
2.2MB

Download
memory/3316-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/3316-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5000-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5000-1-0x0000000001D50000-0x0000000001E83000-memory.dmp

Filesize
1.2MB

Download
memory/5000-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5000-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download