eb3ba5b43795700702e5b2e1f7178488d8f7e2ba88bb140eac072e5bb2a1bbc8

Analysis

max time kernel
148s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 14:15

Target

bc0c01169cdcc557412540433495ce56.exe
Size

9.1MB
MD5

bc0c01169cdcc557412540433495ce56
SHA1

94df06a88da0f218121021afdc42c49df87ef57b
SHA256

eb3ba5b43795700702e5b2e1f7178488d8f7e2ba88bb140eac072e5bb2a1bbc8
SHA512

f59194228b882ddb833d74b518d2eb0494fe6bc7878bb7a35d5ea8bb08ef31f24425c5e90f323f07678831b62f1ff7e62368f0316e79b6cd923563e7c952ba6d
SSDEEP

196608:kAc1cumHgl/iBmEflzMpgl/iBK/e0Kst7m0gl/iBmEflzMpgl/iB0:kAc8H2i3G2iNs602i3G2i0

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
4908	bc0c01169cdcc557412540433495ce56.exe

Executes dropped EXE 1 IoCs

pid	Process
4908	bc0c01169cdcc557412540433495ce56.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2212-0-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/memory/4908-14-0x0000000000400000-0x00000000008EF000-memory.dmp	upx
behavioral2/files/0x00080000000231d9-11.dat	upx

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2212	bc0c01169cdcc557412540433495ce56.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2212	bc0c01169cdcc557412540433495ce56.exe
4908	bc0c01169cdcc557412540433495ce56.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 4908	2212	bc0c01169cdcc557412540433495ce56.exe	22
PID 2212 wrote to memory of 4908	2212	bc0c01169cdcc557412540433495ce56.exe	22
PID 2212 wrote to memory of 4908	2212	bc0c01169cdcc557412540433495ce56.exe	22

C:\Users\Admin\AppData\Local\Temp\bc0c01169cdcc557412540433495ce56.exe

Filesize
62KB

MD5
70308b82d33b6b303d4f49aa78d3b51b

SHA1
fe1c93ffb92a5b85ea85a13d4a88469d0a9d761a

SHA256
cb979ae1c9b59ff90f263962d04056dd74d80d92582d32e11e02dbdbfa2840f8

SHA512
2ec171919665b2fbff3324e8ef80b6bec88705b69ec04c94059002a2f2f5a5063860f204398aae97db67de75923e4be99ec07316c0f202ff1b29476e8b8c6827

Download Submit
memory/2212-1-0x0000000001D80000-0x0000000001EB3000-memory.dmp

Filesize
1.2MB

Download
memory/2212-2-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/2212-0-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/2212-12-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4908-14-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download
memory/4908-16-0x0000000001D30000-0x0000000001E63000-memory.dmp

Filesize
1.2MB

Download
memory/4908-21-0x0000000005630000-0x000000000585A000-memory.dmp

Filesize
2.2MB

Download
memory/4908-20-0x0000000000400000-0x000000000061D000-memory.dmp

Filesize
2.1MB

Download
memory/4908-13-0x0000000000400000-0x000000000062A000-memory.dmp

Filesize
2.2MB

Download
memory/4908-28-0x0000000000400000-0x00000000008EF000-memory.dmp

Filesize
4.9MB

Download