0638e9c3278080f0aff66d1f8fcca5564cb0fcec5645143406cd712570d0b28b

Analysis

max time kernel
165s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 14:06

Target

b745a6dca889884211b2d16e6eb62b28.exe
Size

1.4MB
MD5

b745a6dca889884211b2d16e6eb62b28
SHA1

4284c2ebcdf552ac60e71b8023a535659ce8c075
SHA256

0638e9c3278080f0aff66d1f8fcca5564cb0fcec5645143406cd712570d0b28b
SHA512

67a9a644bc29d127e00e0715290c21d626fbb0706f6658e3d5a50bfb6a35690fc8f265b0203787ae6ee59de5dac6d226ca8610773a45d1e158fdc3d0706aea47
SSDEEP

24576:oaPpECOHokwAAHoV8XE+Z3ajCGWlzjY1dicRTBRIV13hz/2Vts3hW:oaLAK90+5aGZlz4i0TBu3h/2fyh

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
5028	b745a6dca889884211b2d16e6eb62b28.exe

Executes dropped EXE 1 IoCs

pid	Process
5028	b745a6dca889884211b2d16e6eb62b28.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4484-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x0007000000023200-12.dat	upx
behavioral2/memory/5028-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
4484	b745a6dca889884211b2d16e6eb62b28.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
4484	b745a6dca889884211b2d16e6eb62b28.exe
5028	b745a6dca889884211b2d16e6eb62b28.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 5028	4484	b745a6dca889884211b2d16e6eb62b28.exe	89
PID 4484 wrote to memory of 5028	4484	b745a6dca889884211b2d16e6eb62b28.exe	89
PID 4484 wrote to memory of 5028	4484	b745a6dca889884211b2d16e6eb62b28.exe	89

C:\Users\Admin\AppData\Local\Temp\b745a6dca889884211b2d16e6eb62b28.exe

Filesize
765KB

MD5
de37757f93979075b4c2ffe9baed76bc

SHA1
f9d22f9aa3d2d01635ea0e53105f18b8329206c1

SHA256
db9f7f6224f14891934c526fdf10fc79421f0d0e1b5174320b1554c3ff335dd6

SHA512
c57ce051df9e476bf6c4245ce93882f21d8b15222730e28c829a14211a75a6329bea7e41298e63d9c72be84aa7efc44526c50aafe2efa09ac4889d6cae464503

Download Submit
memory/4484-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4484-1-0x0000000001CC0000-0x0000000001DF3000-memory.dmp

Filesize
1.2MB

Download
memory/4484-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4484-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5028-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/5028-15-0x00000000018F0000-0x0000000001A23000-memory.dmp

Filesize
1.2MB

Download
memory/5028-16-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/5028-21-0x0000000005630000-0x000000000585A000-memory.dmp

Filesize
2.2MB

Download
memory/5028-22-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/5028-29-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download