f66fbc513095ea281d78f18eb423b066f4be428b024ca3799f5c6f2c59c556c5

Analysis

max time kernel
148s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 03:24

Target

5a7c0a66fad3f11634dbf4b3cbdc9f59.exe
Size

1.3MB
MD5

5a7c0a66fad3f11634dbf4b3cbdc9f59
SHA1

f3048e1e1d935ae06f039b5114eaef185789102b
SHA256

f66fbc513095ea281d78f18eb423b066f4be428b024ca3799f5c6f2c59c556c5
SHA512

dc01644ea057be496f6cf5d0a2d6fb01882106527abccc67083bebc151f75287ce9005ca6dc6f91267f72c01ce3908e812e86e3d85a6db63b0b4ade4575115c4
SSDEEP

24576:K+C9JMKCJU5d8LNzhA6NMkwY1JToreJpXK3A78hy5PcyP/ysKEMbaYMTEVxul5B8:e92K6I8pzhMk9BB7B1NVeR9j

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2868	5a7c0a66fad3f11634dbf4b3cbdc9f59.exe

Executes dropped EXE 1 IoCs

pid	Process
2868	5a7c0a66fad3f11634dbf4b3cbdc9f59.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1068-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000400000001e96f-11.dat	upx
behavioral2/memory/2868-14-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1068	5a7c0a66fad3f11634dbf4b3cbdc9f59.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1068	5a7c0a66fad3f11634dbf4b3cbdc9f59.exe
2868	5a7c0a66fad3f11634dbf4b3cbdc9f59.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 2868	1068	5a7c0a66fad3f11634dbf4b3cbdc9f59.exe	29
PID 1068 wrote to memory of 2868	1068	5a7c0a66fad3f11634dbf4b3cbdc9f59.exe	29
PID 1068 wrote to memory of 2868	1068	5a7c0a66fad3f11634dbf4b3cbdc9f59.exe	29

C:\Users\Admin\AppData\Local\Temp\5a7c0a66fad3f11634dbf4b3cbdc9f59.exe

Filesize
174KB

MD5
7b281ae5acb55d2ccc5a6f389dc762e6

SHA1
ba2cbb32dd3f2adbf3629005c24bbe4f6a4f70a5

SHA256
5569645978581270cbee077a9f31688c07e0ca993ec6dca08560c891024a9eb7

SHA512
8a73dea7caeb0029e96ffd65a7ec632bf7f0266610fde8f1260a2f6ecb085c6e79f8add644c01ac3fddd4670bfa4adb855a43e5144bd5754223e80aa8e8b92cf

Download Submit
memory/1068-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1068-1-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1068-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1068-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2868-14-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/2868-16-0x0000000001D00000-0x0000000001E31000-memory.dmp

Filesize
1.2MB

Download
memory/2868-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/2868-21-0x00000000055F0000-0x0000000005812000-memory.dmp

Filesize
2.1MB

Download
memory/2868-20-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/2868-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download