fd588a4df87618f3822bd4f7f60e58cf97a8b75a8eaabe8668406ace5cbaf0f2

Analysis

max time kernel
101s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 09:25

Target

ba9a6f354e9e8f5be652a5bc10e6af60N.exe
Size

59KB
MD5

ba9a6f354e9e8f5be652a5bc10e6af60
SHA1

079bb11b606fe93d8343b00293bd809b15694ac1
SHA256

fd588a4df87618f3822bd4f7f60e58cf97a8b75a8eaabe8668406ace5cbaf0f2
SHA512

99122c1b5f28e90bb1ee1a5a0ead4607fefdffe6cd34e02adf9bbda17cc0a783c005a09a7a104fd649c0269db321ca7b3bde4e315193db4cc3d2f4987d62baa4
SSDEEP

1536:Zcp13tH9T/O5+L2FC2NB3dwvkP0HJt9QVTsMCe4K4ky:Zi9tH9T/O5+4C2N1dwvkP8t+Tu

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3368	ba9a6f354e9e8f5be652a5bc10e6af60N.exe

Executes dropped EXE 1 IoCs

pid	Process
3368	ba9a6f354e9e8f5be652a5bc10e6af60N.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4796-0-0x0000000000400000-0x000000000043D000-memory.dmp	upx
behavioral2/files/0x000900000002345f-11.dat	upx
behavioral2/memory/3368-12-0x0000000000400000-0x000000000043D000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4796	ba9a6f354e9e8f5be652a5bc10e6af60N.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4796	ba9a6f354e9e8f5be652a5bc10e6af60N.exe
3368	ba9a6f354e9e8f5be652a5bc10e6af60N.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 3368	4796	ba9a6f354e9e8f5be652a5bc10e6af60N.exe	84
PID 4796 wrote to memory of 3368	4796	ba9a6f354e9e8f5be652a5bc10e6af60N.exe	84
PID 4796 wrote to memory of 3368	4796	ba9a6f354e9e8f5be652a5bc10e6af60N.exe	84

C:\Users\Admin\AppData\Local\Temp\ba9a6f354e9e8f5be652a5bc10e6af60N.exe

Filesize
59KB

MD5
bc06672b5e13cfef3193e001e73fecf4

SHA1
75eb51c753d519a89dfb6fd86ff00cdec00a63f5

SHA256
84ecffecefbf6ddf768230e7b854c1fc39a16c139d24401c9d5acd9d92a4a750

SHA512
ad1384f2242f86e6ebb7d99fd390e267a42437171e68375884cb247ead0f4338f9c04d70b7b6e482f1a5ac8863f6da0e2d3b06941f324f616be3079d78c4d2a6

Download Submit
memory/3368-12-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/3368-14-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3368-19-0x0000000000190000-0x000000000019F000-memory.dmp

Filesize
60KB

Download
memory/3368-20-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3368-25-0x00000000014B0000-0x00000000014CD000-memory.dmp

Filesize
116KB

Download
memory/3368-26-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4796-0-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/4796-1-0x00000000001C0000-0x00000000001CF000-memory.dmp

Filesize
60KB

Download
memory/4796-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4796-13-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download