90a1dc5d46606abf16047455f3ad5f991a8cb0ada9036c6d7976feabea22465c

Analysis

max time kernel
144s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 04:55

Target

6ab8f45dddbc5bbfaf55aa7e0c64b90c.exe
Size

2.7MB
MD5

6ab8f45dddbc5bbfaf55aa7e0c64b90c
SHA1

555efd47b14d9bf4c0c62f653e48982fb491bd87
SHA256

90a1dc5d46606abf16047455f3ad5f991a8cb0ada9036c6d7976feabea22465c
SHA512

26905546b4a648300ebda37a63d65f244f86d839974c6d35d8d8ee1643abb8963f73dfcb8d17925fef41a922fefee31d5cf0646340a1b432d8fe8167ff42bc44
SSDEEP

49152:deZHttetRqCT7eZPx6+M/lK4khBrml+hywR9kXJ4l8IBEQQaVhorSbgQ20rR9j:wtQtRpep8+M/lmBrLywH64lIwhS020rD

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3020	6ab8f45dddbc5bbfaf55aa7e0c64b90c.exe

Executes dropped EXE 1 IoCs

pid	Process
3020	6ab8f45dddbc5bbfaf55aa7e0c64b90c.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4932-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/memory/3020-13-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x000600000002321d-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4932	6ab8f45dddbc5bbfaf55aa7e0c64b90c.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4932	6ab8f45dddbc5bbfaf55aa7e0c64b90c.exe
3020	6ab8f45dddbc5bbfaf55aa7e0c64b90c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 3020	4932	6ab8f45dddbc5bbfaf55aa7e0c64b90c.exe	30
PID 4932 wrote to memory of 3020	4932	6ab8f45dddbc5bbfaf55aa7e0c64b90c.exe	30
PID 4932 wrote to memory of 3020	4932	6ab8f45dddbc5bbfaf55aa7e0c64b90c.exe	30

C:\Users\Admin\AppData\Local\Temp\6ab8f45dddbc5bbfaf55aa7e0c64b90c.exe

Filesize
29KB

MD5
19614006bdae969c4a89ebda21b068d9

SHA1
fbb24790cfe031193d050a14c13a0351d94ee314

SHA256
07be0a08c51f7f82aa56806d823883a494ff9cb6648869aa6e3d611702e19959

SHA512
f7d66968ece190d740b8e4603bb806dd589ea2a9045f7d19a686a38bf6467ff314fa2f39321b086b60ff58800451512f132c762e0e0a314c67982e50bc093835

Download Submit
memory/3020-15-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/3020-14-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/3020-20-0x0000000005610000-0x0000000005832000-memory.dmp

Filesize
2.1MB

Download
memory/3020-21-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/3020-13-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/3020-28-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4932-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/4932-1-0x0000000001CF0000-0x0000000001E21000-memory.dmp

Filesize
1.2MB

Download
memory/4932-2-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/4932-12-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download