f87c4ceb7286098bf696dbb16c67d2e0b8247eeb6084151a83276d6971c065b5

Analysis

max time kernel
141s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2023 14:07

Target

b780354f3a7f69f73339a0d15599150e.exe
Size

11.7MB
MD5

b780354f3a7f69f73339a0d15599150e
SHA1

fe29f00c16bd0d5f1ab66041de76ed113ad227cd
SHA256

f87c4ceb7286098bf696dbb16c67d2e0b8247eeb6084151a83276d6971c065b5
SHA512

336e2e1e81f83b3ad8f8933bced651181ac9939b51f3bc69d224855630361437dfafa8b7162d2ad043b351c3bf18d259d725051d2ecd8aed4204c220f5e9a7b5
SSDEEP

196608:yKXjpFauq1jI86017sq2oFAwPauq1jI86Gs6jauq1jI86017sq2oFAwPauq1jI86:yKXNplH072oAelHvulH072oAelH

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
60	b780354f3a7f69f73339a0d15599150e.exe

Executes dropped EXE 1 IoCs

pid	Process
60	b780354f3a7f69f73339a0d15599150e.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3868-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00080000000231fe-11.dat	upx
behavioral2/memory/60-13-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3868	b780354f3a7f69f73339a0d15599150e.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3868	b780354f3a7f69f73339a0d15599150e.exe
60	b780354f3a7f69f73339a0d15599150e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 60	3868	b780354f3a7f69f73339a0d15599150e.exe	90
PID 3868 wrote to memory of 60	3868	b780354f3a7f69f73339a0d15599150e.exe	90
PID 3868 wrote to memory of 60	3868	b780354f3a7f69f73339a0d15599150e.exe	90

C:\Users\Admin\AppData\Local\Temp\b780354f3a7f69f73339a0d15599150e.exe

Filesize
263KB

MD5
6e0e2a70a79d1103198239bde18271ea

SHA1
08fd208da1d8c4dede8c027fa39bdfd565daa7f5

SHA256
58de630c80985ac56774220f60150033b8425dd6ff0bf362fa8c7ead4e684a4c

SHA512
d83a7f374f4970ffcebdf352f3049633a515fc0e7fead4d39e2e7bb902f4db0e00eee76c22a9578e56939bc70fa242fa47b56539c1593c04f8f51766581417df

Download Submit
memory/60-13-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/60-15-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/60-14-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/60-20-0x0000000005620000-0x000000000584A000-memory.dmp

Filesize
2.2MB

Download
memory/60-21-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/60-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3868-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/3868-1-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/3868-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/3868-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download