1720854197309fae87bd5907f8841e7f1245d92b52ab06204e5392a857614e11

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 14:04

Target

b5d8fa0ab7462cdf45082b506b5886fc.exe
Size

1.8MB
MD5

b5d8fa0ab7462cdf45082b506b5886fc
SHA1

e2c4d954feafbf06f05399c730ae46887f3fd290
SHA256

1720854197309fae87bd5907f8841e7f1245d92b52ab06204e5392a857614e11
SHA512

713aa88530143a5140c2c6583285845348837e91538ab86f98b7ad071db7397e550b63e5ad1031112c84b67a02c2df5eb6e70b2cb952b5ae94daa5c82a32d805
SSDEEP

49152:NWfrI7PYw4ToEuMnXDXTgqOMnss2BJVbhOwP:srIrYw4UcXDXC3BJthOm

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
804	b5d8fa0ab7462cdf45082b506b5886fc.exe

Executes dropped EXE 1 IoCs

pid	Process
804	b5d8fa0ab7462cdf45082b506b5886fc.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4276-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x000200000001fafe-11.dat	upx
behavioral2/memory/804-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4276	b5d8fa0ab7462cdf45082b506b5886fc.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4276	b5d8fa0ab7462cdf45082b506b5886fc.exe
804	b5d8fa0ab7462cdf45082b506b5886fc.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4276 wrote to memory of 804	4276	b5d8fa0ab7462cdf45082b506b5886fc.exe	88
PID 4276 wrote to memory of 804	4276	b5d8fa0ab7462cdf45082b506b5886fc.exe	88
PID 4276 wrote to memory of 804	4276	b5d8fa0ab7462cdf45082b506b5886fc.exe	88

C:\Users\Admin\AppData\Local\Temp\b5d8fa0ab7462cdf45082b506b5886fc.exe

Filesize
1.4MB

MD5
7b909b5ab1f3bc5a30d3d86429cd4722

SHA1
b749c90154a4ead67e782be49fe34751bf9cb4e9

SHA256
b13d19bc1c3f8c04294a5de1fd114ab91600a6b7bef9c44fbe62ba1ecf8376b2

SHA512
2b0d5137f1c98c56ff2bc4e1f2b87903869028fc7b45e0132022bc871a22e972b010abc8e456089fb38d03cb4743be4e26460811e868f0ae00c2b16715173105

Download Submit
memory/804-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/804-14-0x0000000001D10000-0x0000000001E43000-memory.dmp

Filesize
1.2MB

Download
memory/804-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/804-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/804-21-0x0000000005610000-0x000000000583A000-memory.dmp

Filesize
2.2MB

Download
memory/804-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4276-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4276-1-0x0000000001D00000-0x0000000001E33000-memory.dmp

Filesize
1.2MB

Download
memory/4276-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4276-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download