da4d05334c6e7cc8ef2251d0dc9ab45f0d8174a32a46c8fae20615cf7dd43a8d

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 02:53

Target

56ee3ebf7adc4de6393bcbc27ae235e9.exe
Size

2.4MB
MD5

56ee3ebf7adc4de6393bcbc27ae235e9
SHA1

da74cd6437d4cf62d4244df8516b3d5fa6b69bf8
SHA256

da4d05334c6e7cc8ef2251d0dc9ab45f0d8174a32a46c8fae20615cf7dd43a8d
SHA512

d895a0e99d50621c9ffd187e66b4aa59a8f06f4277fc5e14ec0ae731cd13760a8fb128dfe59f3d36fd93aaf68573b2ed0da4b2e34a0e4e070036e7d81260b33e
SSDEEP

49152:Ezb1pENOTfnkmvx3pDKIzWik7JsbRPP4M338dB2IBlGuuDVUsdxxjr:4E0bJ9Kak7qbRPgg3gnl/IVUs1jr

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4340	56ee3ebf7adc4de6393bcbc27ae235e9.exe

Executes dropped EXE 1 IoCs

pid	Process
4340	56ee3ebf7adc4de6393bcbc27ae235e9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1652-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000600000002324b-11.dat	upx
behavioral2/memory/4340-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1652	56ee3ebf7adc4de6393bcbc27ae235e9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1652	56ee3ebf7adc4de6393bcbc27ae235e9.exe
4340	56ee3ebf7adc4de6393bcbc27ae235e9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 4340	1652	56ee3ebf7adc4de6393bcbc27ae235e9.exe	90
PID 1652 wrote to memory of 4340	1652	56ee3ebf7adc4de6393bcbc27ae235e9.exe	90
PID 1652 wrote to memory of 4340	1652	56ee3ebf7adc4de6393bcbc27ae235e9.exe	90

C:\Users\Admin\AppData\Local\Temp\56ee3ebf7adc4de6393bcbc27ae235e9.exe

Filesize
2.4MB

MD5
794ee847a26f6cd95e3c62050a31b586

SHA1
c327d4bf73e151df59a17b54b7c7b949c298ad9c

SHA256
163187237b9a68487ba0b5ef2c1147b4345eff22cd6b867e0c7b9cff9a3b58fb

SHA512
5b8852e4463b7e97f7bad39c8d036fe7ab774c719b147f5dc11e1a2da498ff869a3a51bb74eb71f92ed630d342dfe12120380cd50c758c305a78ad0d3f7b37cc

Download Submit
memory/1652-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1652-1-0x0000000001D20000-0x0000000001E53000-memory.dmp

Filesize
1.2MB

Download
memory/1652-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1652-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4340-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4340-14-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4340-15-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/4340-21-0x0000000005610000-0x000000000583A000-memory.dmp

Filesize
2.2MB

Download
memory/4340-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4340-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download