14788a4655af98cdfbf20d3c137784966872cb118fc64e69c88315ede59919fb

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 02:49

Target

560d5d13c51df5f461d7d033b50691c7.exe
Size

1.3MB
MD5

560d5d13c51df5f461d7d033b50691c7
SHA1

158c3ab72da37f323863264a59267715e9f16709
SHA256

14788a4655af98cdfbf20d3c137784966872cb118fc64e69c88315ede59919fb
SHA512

f8d26ab39a2ba3a87e952338dbfa2e6d2b544b89f680737257e7af593a2f98f711a1f21231cd3d2e1c5695e3d1383d95dfb7f4893339e5e89e517ded67b597ac
SSDEEP

24576:gRhc9XpXz1/EEyQBgeKZIYcvL6g72WN8ghSIa8zTr1jQbQNL+PkU9/9Us:gRqXZNueK2972WNbBa8z9j4QNL+7R9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4260	560d5d13c51df5f461d7d033b50691c7.exe

Executes dropped EXE 1 IoCs

pid	Process
4260	560d5d13c51df5f461d7d033b50691c7.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4624-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x00050000000006e9-11.dat	upx
behavioral2/memory/4260-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4624	560d5d13c51df5f461d7d033b50691c7.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4624	560d5d13c51df5f461d7d033b50691c7.exe
4260	560d5d13c51df5f461d7d033b50691c7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 4260	4624	560d5d13c51df5f461d7d033b50691c7.exe	89
PID 4624 wrote to memory of 4260	4624	560d5d13c51df5f461d7d033b50691c7.exe	89
PID 4624 wrote to memory of 4260	4624	560d5d13c51df5f461d7d033b50691c7.exe	89

C:\Users\Admin\AppData\Local\Temp\560d5d13c51df5f461d7d033b50691c7.exe

Filesize
467KB

MD5
fc875081b42f9605bd27ba3d35676bf1

SHA1
686638b26a627cf60a43696f1af20bbe460d98e7

SHA256
205d862218d9727bbaa46d7d9bba5f741c2d688ac9eca7452d37d4c2684fa202

SHA512
98d1ec039aad58c1492642ccd52fcfa5f7be9670bcb5cf29b85311ab629dd28f114795ed44e842030e65c3654eec9c00388cb914f0e6bc83b8dc7dfaff0b4d7e

Download Submit
memory/4260-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4260-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4260-16-0x0000000001CB0000-0x0000000001DE1000-memory.dmp

Filesize
1.2MB

Download
memory/4260-20-0x00000000055A0000-0x00000000057C2000-memory.dmp

Filesize
2.1MB

Download
memory/4260-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/4260-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4624-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4624-1-0x0000000001C60000-0x0000000001D91000-memory.dmp

Filesize
1.2MB

Download
memory/4624-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4624-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download