73fa8083f3f22444a5535ebfe527cca574d7fc9b06d2bf07b8dea14b3524aaa9

Analysis

max time kernel
144s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 10:36

Target

e175920ffdcb660c4f1226e004ae2ed7.exe
Size

5.8MB
MD5

e175920ffdcb660c4f1226e004ae2ed7
SHA1

4d69f6a6029b0f54348043724274e4ae60439a82
SHA256

73fa8083f3f22444a5535ebfe527cca574d7fc9b06d2bf07b8dea14b3524aaa9
SHA512

f2a3547946a2f777b9beb715d8bc15debdf5b869a7d37f6bbcc157df00268c1c98eef73940e20498f18e541f748748ae7f7cf39fe46622e17115df74714b5cd5
SSDEEP

98304:hjbBA58jnzgg3gnl/IVUs1jePsQTZSdnpMWVEaWuugg3gnl/IVUs1jePs:VbBA58bpgl/iBiPFlA3fagl/iBiP

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1132	e175920ffdcb660c4f1226e004ae2ed7.exe

Executes dropped EXE 1 IoCs

pid	Process
1132	e175920ffdcb660c4f1226e004ae2ed7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2936-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0008000000023201-11.dat	upx
behavioral2/memory/1132-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2936	e175920ffdcb660c4f1226e004ae2ed7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2936	e175920ffdcb660c4f1226e004ae2ed7.exe
1132	e175920ffdcb660c4f1226e004ae2ed7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 1132	2936	e175920ffdcb660c4f1226e004ae2ed7.exe	89
PID 2936 wrote to memory of 1132	2936	e175920ffdcb660c4f1226e004ae2ed7.exe	89
PID 2936 wrote to memory of 1132	2936	e175920ffdcb660c4f1226e004ae2ed7.exe	89

C:\Users\Admin\AppData\Local\Temp\e175920ffdcb660c4f1226e004ae2ed7.exe

Filesize
5.8MB

MD5
3fd35b157ad867d4eaf1eb25f74ac0b7

SHA1
1e95ac585ffca7f020159ecd424930740db9f767

SHA256
acd3ef5bc2b03511fe9364c64d674dfd6dc33cc4dcdb48f85741046556c5b570

SHA512
2b5e73bccb8a71776ba3fee29adeca57346531715f93f5fb4600e5137833ddcf543b4a02fbd9896dd5d04c118ec555fe012e2392a5e13e6b5580aace5367afd8

Download Submit
memory/1132-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1132-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1132-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1132-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/1132-21-0x00000000055D0000-0x00000000057FA000-memory.dmp

Filesize
2.2MB

Download
memory/1132-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2936-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2936-1-0x0000000001A30000-0x0000000001B63000-memory.dmp

Filesize
1.2MB

Download
memory/2936-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2936-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download