7933b3d63d62f9673398f67c3a1ff361cab3bdd084f6a56a08f28e113ca7983f

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 03:32

Target

5ba4b40d0e2c9685f4427987afde7b20.exe
Size

5.3MB
MD5

5ba4b40d0e2c9685f4427987afde7b20
SHA1

32f1b0f291a836fa8424a18524c3db124551b7be
SHA256

7933b3d63d62f9673398f67c3a1ff361cab3bdd084f6a56a08f28e113ca7983f
SHA512

06e38b848d5c7943b13fca15d4da6be1d91a1c0ab9573f4e4da7ffb0191a72409c15b17aee243897564d3a408d5c86fdf5b05bfe818ab12df7ccf007133564c9
SSDEEP

98304:QydkLEGeiQP2B/CURrvmHY41Ar14MEK/CIuVla6BvHGFIz0kL6/je8lmHY41Ar1u:QakVS/im4iAJYLjNFmF+RLciim4iAJY/

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2672	5ba4b40d0e2c9685f4427987afde7b20.exe

Executes dropped EXE 1 IoCs

pid	Process
2672	5ba4b40d0e2c9685f4427987afde7b20.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4772-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/memory/2672-14-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0009000000023224-12.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4772	5ba4b40d0e2c9685f4427987afde7b20.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4772	5ba4b40d0e2c9685f4427987afde7b20.exe
2672	5ba4b40d0e2c9685f4427987afde7b20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 2672	4772	5ba4b40d0e2c9685f4427987afde7b20.exe	30
PID 4772 wrote to memory of 2672	4772	5ba4b40d0e2c9685f4427987afde7b20.exe	30
PID 4772 wrote to memory of 2672	4772	5ba4b40d0e2c9685f4427987afde7b20.exe	30

C:\Users\Admin\AppData\Local\Temp\5ba4b40d0e2c9685f4427987afde7b20.exe

Filesize
298KB

MD5
600fbabed1b9c16f18b35ace88893f52

SHA1
3951a3b4f553834c5eadabdfb7a284a680cea3fd

SHA256
130e51577aecd24fa058dd4f0a5f08aaba19d2ef2d13b369100664b240ac4183

SHA512
b11cfad06de1ad07d5b11cf7e39c167b24151a811d396eb2527c5d29aee0e17a593d078e88c6d4c476e7e6e7bb012606d93c33d6e1d6e564db144a413ca72249

Download Submit
memory/2672-14-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2672-16-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/2672-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2672-22-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2672-21-0x0000000005520000-0x0000000005742000-memory.dmp

Filesize
2.1MB

Download
memory/2672-29-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4772-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4772-1-0x0000000001BE0000-0x0000000001D11000-memory.dmp

Filesize
1.2MB

Download
memory/4772-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4772-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download