972f5a0546d5df00a53f0625e563f2448eaadea8880ea137d7a9390f831d7ab6

Analysis

max time kernel
141s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 07:42

Target

7a7545506f8d63f26aac78e541d3c5eb.exe
Size

2.7MB
MD5

7a7545506f8d63f26aac78e541d3c5eb
SHA1

462a2f6db190d4ca0d29990290f4f61d1adb39d7
SHA256

972f5a0546d5df00a53f0625e563f2448eaadea8880ea137d7a9390f831d7ab6
SHA512

99f1ef06262654e7e461ca66ce74355862afebfd13a05f6064cb6931aba801234a22367a26ecb9213db1d7aa690a97b97b8d99392e4ad7219b85d30ae6a68515
SSDEEP

49152:PFfmzwbwV3g/6MSxCc2rR9ktBc1+Q4YdxSChG38bDUggR9t:P90wbsgSZCc2rHktBcwQDM2YIDULHt

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
1980	7a7545506f8d63f26aac78e541d3c5eb.exe

Executes dropped EXE 1 IoCs

pid	Process
1980	7a7545506f8d63f26aac78e541d3c5eb.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1920-0-0x0000000000400000-0x00000000008E7000-memory.dmp	upx
behavioral2/files/0x0006000000023215-12.dat	upx
behavioral2/memory/1980-14-0x0000000000400000-0x00000000008E7000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1920	7a7545506f8d63f26aac78e541d3c5eb.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1920	7a7545506f8d63f26aac78e541d3c5eb.exe
1980	7a7545506f8d63f26aac78e541d3c5eb.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 1980	1920	7a7545506f8d63f26aac78e541d3c5eb.exe	92
PID 1920 wrote to memory of 1980	1920	7a7545506f8d63f26aac78e541d3c5eb.exe	92
PID 1920 wrote to memory of 1980	1920	7a7545506f8d63f26aac78e541d3c5eb.exe	92

C:\Users\Admin\AppData\Local\Temp\7a7545506f8d63f26aac78e541d3c5eb.exe

Filesize
184KB

MD5
df66080f4adb164421a8752068da8ea5

SHA1
c416d2eef3ee2e0e241d27fbbbd9305faff3ea99

SHA256
f6c0e3252187e7b00e6dbbaa6932f09a7bb7e39dacb5f12d80ddfd11cc540433

SHA512
07520cbd607beca7d6317be53b8e2483a2e2cc61b65712110a946f635d1aa89cadbab3a11050881af1cb3264c34f0aa2bfa5aacfaf3f6e028532c654b889a6a9

Download Submit
memory/1920-0-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1920-2-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1920-3-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1920-13-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1980-14-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download
memory/1980-15-0x0000000000400000-0x0000000000622000-memory.dmp

Filesize
2.1MB

Download
memory/1980-16-0x00000000018F0000-0x0000000001A21000-memory.dmp

Filesize
1.2MB

Download
memory/1980-21-0x0000000005670000-0x0000000005892000-memory.dmp

Filesize
2.1MB

Download
memory/1980-22-0x0000000000400000-0x0000000000616000-memory.dmp

Filesize
2.1MB

Download
memory/1980-29-0x0000000000400000-0x00000000008E7000-memory.dmp

Filesize
4.9MB

Download