1d8108975b6a3a84eae8ade2c0cc1b7bb85d22b3fd99156dfaf641ab397179e9

Analysis

max time kernel
163s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 09:57

Target

8322fd4b3fc93f6779777f95a6cb04cc.exe
Size

5.3MB
MD5

8322fd4b3fc93f6779777f95a6cb04cc
SHA1

17535634a3e5420224d1ea9590ce5db03b9d8e9f
SHA256

1d8108975b6a3a84eae8ade2c0cc1b7bb85d22b3fd99156dfaf641ab397179e9
SHA512

16ba9e482775efbc98ffe4e2a04b9d9a97d76380a622193fe15a1a7748f00e1b1325b89d9b1a8d3f84919953453dba4fbf67fdf22bfe60efc474740367d73298
SSDEEP

98304:hUh/q2N4dUPxljvMeK/xxNmJs9ElpYq0T/LEr60jvMeK/xxNmJs9Ef:hQqmiU/MeK/x9cOq0zM6iMeK/x94

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5012	8322fd4b3fc93f6779777f95a6cb04cc.exe

Executes dropped EXE 1 IoCs

pid	Process
5012	8322fd4b3fc93f6779777f95a6cb04cc.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1632-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023202-11.dat	upx
behavioral2/memory/5012-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1632	8322fd4b3fc93f6779777f95a6cb04cc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1632	8322fd4b3fc93f6779777f95a6cb04cc.exe
5012	8322fd4b3fc93f6779777f95a6cb04cc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 5012	1632	8322fd4b3fc93f6779777f95a6cb04cc.exe	92
PID 1632 wrote to memory of 5012	1632	8322fd4b3fc93f6779777f95a6cb04cc.exe	92
PID 1632 wrote to memory of 5012	1632	8322fd4b3fc93f6779777f95a6cb04cc.exe	92

C:\Users\Admin\AppData\Local\Temp\8322fd4b3fc93f6779777f95a6cb04cc.exe

Filesize
1.5MB

MD5
73412085cf83f80ac021d2f7bcb17b8d

SHA1
acc3a150bc7eb733ec2ca9a1aa951b13d65486fe

SHA256
af54907acb06efe024a73a0fa6e90cbd380ccf3e71d8bddcbd70ff41b6d0d5cb

SHA512
b30096f1f4451f6abaa95b01a305187eab64e79de88117c92e60eb5dfb45753245739a4e50fca1704ae18b51e96f5ff9214a0739a8906714e543f56e2e9416e8

Download Submit
memory/1632-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/1632-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/1632-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/1632-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5012-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5012-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5012-14-0x0000000001D30000-0x0000000001E63000-memory.dmp

Filesize
1.2MB

Download
memory/5012-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5012-21-0x0000000005630000-0x000000000585A000-memory.dmp

Filesize
2.2MB

Download
memory/5012-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download